05 April 2022
by Sarah Wray
As cyber-attacks continue to ‘strain’ US cities, states and public services through disrupted operations, risks to public safety, and financial losses, the FBI has urged local governments not to pay ransomware demands.
According to a new bulletin, reports to the FBI during 2021 showed that within the government facilities sector, local government entities were the second-most targeted group behind academia.
Ransomware attacks against local governments and the subsequent impacts are especially significant due to the critical services they deliver. This also makes them attractive targets.
“In the next year, local US government agencies almost certainly will continue to experience ransomware attacks, particularly as malware deployment and targeting tactics evolve, further endangering public health and safety, and resulting in significant financial liabilities,” the bulletin said.
In 2021, local US government agency victims were primarily smaller counties and municipalities, which was “likely indicative of their cybersecurity resource and budget limitations,” the FBI said.
To pay or not to pay
The State of Ransomware in Government 2021 survey of 30 countries, commissioned by Sophos, found that local governments were the least able to prevent encryption and recover from backups, and had the second highest rate of paying the ransom compared to other critical infrastructure sectors.
The FBI stressed that it does not encourage paying ransom because payment doesn’t guarantee files will be recovered, and it may also further embolden hackers.
The bulletin said: “However, the FBI understands that when victims are faced with an inability to function, all options are evaluated to protect shareholders, employees, and customers.
“Regardless of whether your organisation decides to pay the ransom, the FBI urges you to report ransomware incidents as soon as possible to your local FBI field office.”
Recommendations for local governments include continuity planning, regular software updates, training, multi-factor authentication, offline back-ups and encryption.
However, ransomware tactics continue to evolve. A February 2022 advisory issued by government agencies in the United States, Australia, and the United Kingdom noted that the three initial infection vectors in 2021 were phishing emails, remote desktop protocol exploitation, and software vulnerability exploitation.
These were likely exacerbated by continued remote work and learning due to the pandemic, which expanded the attack surface and made defence mechanisms more challenging.
Cyber attackers also advanced their tactics by implementing service-for-hire business models, sharing victim information among actor groups, diversifying extortion strategies, and attacking cloud infrastructure, managed service providers, and software supply chains.
The FBI highlighted several recent attacks. In January this year, a US county took computer systems offline, closed public offices, and ran emergency response operations using “backup contingencies” after a ransomware attack disabled county jail surveillance cameras, data collection capabilities and internet access, and deactivated automated doors, resulting in safety concerns and a facility lockdown.
In September 2021, a ransomware attack on a US county network resulted in the closure of the county courthouse and the theft of a substantial amount of county data, including personal information on residents, employees, and vendors. The actors posted the data on the dark web when the county refused to pay the ransom.
In a May 2021 incident, hackers infected local US county government systems with PayOrGrief ransomware, making some servers inaccessible and limiting operations. The attack disabled online services, including scheduling of COVID-19 vaccination appointments, and the attackers claimed to have 2.5 gigabytes of data, including internal documents and personal information.
Several US cities including Oldsmar and Tulsa also faced ransomware attacks last year.
“The FBI has an opportunity to disrupt some of this activity by leveraging partnerships with domestic and foreign governments, as well as the private sector, to more effectively identify actors, finances, and infrastructure,” the statement said.