Ransomware attacks create security risks by disrupting public services, including utilities, emergency services and education, the Federal Bureau of Investigation (FBI) has warned.
According to the warning, local government agencies are an attractive target for cybercriminals to hit with ransomware because they oversee critical services on which the public depends.
Ransomware attacks on local governments have disrupted healthcare, emergency services and security operations, and have stolen sensitive personal data by hackers, putting individuals at greater risk of fraud and cybercrime. The attacks on local services show no signs of slowing down.
“In the coming year, local U.S. government agencies will almost certainly continue to experience ransomware attacks, especially as malware deployment and targeting tactics evolve, further endangering public health and security and resulting in significant financial liabilities,” the warning warned. describes how several ransomware attacks in the past year have disrupted vital daily services.
SEE: Windows 11 security: how to protect your home and small business PCs
For example, the FBI describes how a ransomware attack in January 2022 forced a U.S. county to take computer systems offline, close public offices and require it to conduct emergency response operations in the event of backup emergencies.
The attack also disabled the county jail’s surveillance cameras, data collection capabilities, internet access and deactivated automated doors, raising security concerns and a lockdown at the facility.
Another ransomware incident against local government departments in September 2021 led to the shutdown of a district court and to cybercriminals stealing personal information about residents and employees. The hackers published the data on the dark web after the province refused to pay the ransom.
In May 2021, a PayOrGrief ransomware attack infected the U.S. province’s local government systems, rendering servers inaccessible and disrupting online services, including the ability to book COVID-19 vaccination appointments. The attackers claimed to have stolen 2.5 GB of data containing internal documents and personal information.
The examples of cyber attacks described in the alert represent only a small fraction of the total number of ransomware incidents against government services in the past year. Only higher education and academia were the victims of ransomware attacks more often in 2021.
While the FBI and other law enforcement agencies say that victims of ransomware attacks should not pay the ransom for a decryption key because it only encourages further attacks, in many cases victims will pay because they believe it is the fastest way to get vital services – that’s why criminals target public services.
But even if victims pay the ransom, restoring the network is an arduous task – and there’s no guarantee that the decryption key will work properly, or that the ransomware gangs won’t return with more attacks.
Whether the victim pays the ransom or not, the FBI is urging US organizations to report ransomware incidents as this can help prevent future attacks on others.
SEE: A winning cybersecurity strategy (ZDNet special report)
The FBI has listed several cybersecurity measures that organizations can implement to avoid falling victim to a ransomware attack. These include keeping operating systems and software up to date with security patches so that cybercriminals can’t exploit known vulnerabilities to gain access to networks, and requiring strong, unique passwords for online accounts to make it more difficult for hackers to create passwords. to guess.
It is also recommended that organizations require multi-factor authentication for online services, including webmail, VPNs and accounts with access to critical systems, to provide an additional barrier against attacks.
Organizations should also keep offline backups of data and ensure that they are regularly updated and tested so that in the event of a ransomware attack it is possible to restore the network without paying cybercriminals for a decryption key.
MORE ABOUT CYBER SECURITY