Ransomware attacks pose security risks by disrupting public services, including public utilities, civil protection and education, the Federal Bureau of Investigation (FBI) has warned.
The warning says local authorities are attractive targets for cybercriminals to suffer from ransomware, as they monitor key services on which the public depends.
Ransomware attacks on local authorities have disrupted health care, emergency services and security, and have seen sensitive personal data stolen by hackers, putting individuals at further risk of fraud and cybercrime. The attacks on local services show no signs of slowing down.
“Next year, local U.S. authorities will most likely continue to experience ransomware attacks, especially as malware spreads and targeting tactics evolve, further jeopardizing public health and security and resulting in significant financial debt,” the warning warned. Ransomware attacks over the past year have disrupted important day-to-day services.
LOOKS: Windows 11 Security: How to Protect Your Home and Small Business Computers
For example, the FBI describes how a January 2022 ransomware attack forced a U.S. county to take computer systems offline, close public offices, and force it to run emergency backup operations.
The attack also knocked out surveillance cameras for the county jail, data collection capabilities, internet access and disabled automatic doors, resulting in security issues and a plant closure.
Another ransomware incident against local authorities in September 2021 led to the closure of a courthouse and cybercriminals stealing personal information about residents and employees. The hackers published the information on the dark web after the county refused to pay the ransom.
In May 2021, a PayOrGrief ransomware attack infected local authorities in the United States, making servers inaccessible and disrupting online services, including the ability to schedule covid-19 vaccination appointments. The attackers claimed to have stolen 2.5 GB of data containing internal documents and personal information.
The examples of cyberattacks described in the warning represent only a small fraction of the total number of ransomware incidents against government services in the last year alone – and only higher education and academia were more common victims of ransomware attacks in 2021.
While the FBI and other law enforcement agencies say that victims of ransomware attacks should not pay the ransom for a decryption key because it only encourages further attacks, in many cases victims will pay because they feel it is the fastest way to restore vital services – that is why criminals focus on public services.
But even if the victims pay the ransom, it is a laborious task to restore the network – and there is no guarantee that the decryption key will work properly, or that the ransomware gang will not return with more attacks.
Whether the victim pays the ransom or not, the FBI urges US organizations to report ransomware incidents as it can help prevent future attacks on others.
LOOKS: A winning strategy for cybersecurity (ZDNet special report)
The FBI has listed several cybersecurity measures that organizations can implement to avoid falling victim to a ransomware attack. These include keeping operating systems and software up to date with security patches, so that cybercriminals cannot exploit known vulnerabilities to access networks, and requiring strong, unique passwords for online accounts, making it harder for hackers to guess passwords.
It is also recommended that organizations require multifactor authentication for online services, including webmail, VPN, and accounts with access to critical systems, to provide an additional barrier to attacks.
Organizations should also keep offline backups of data and make sure they are updated and tested regularly, so in the event of a ransomware attack, it is possible to restore the network without paying cybercriminals for a decryption key.