The threat level of local governments falling prey to ransomware attacks is “extreme, and governments must act immediately to improve their preparedness and mitigate their risks,” the New Zealand-based software company, Emisoft Malwar Lab, warns.
The lab’s new report, “The State of Ransomware in the US: Report and Statistics 2019,” examined impacts, costs and solutions of cybercriminal attacks.
It found that at least 948 government agencies, educational organizations and healthcare providers were victims of ransomware attacks in the U.S. in 2019. Such attacks involve cyberhacks breaking into public systems, freezing them, or threatening to publish illegally accessed data unless the victims agree to pay a ransom to the hacker.
The “unprecedented and unrelenting barrage of ransomware attacks” attributed to more than $7.5 billion in losses.
Approximately 103 federal, state and municipal governments and agencies, 759 healthcare providers, and 86 universities, colleges and school districts, with up to 1,224 individual schools potentially affected, were attacked by cybercriminals.
The attacks risked the health and safety of numerous patients. As a result of malware attacks, emergency room patients were redirected to other hospitals; medical records were inaccessible or permanently lost; surgical procedures were canceled, tests were postponed, admissions were halted, and 911 services were interrupted.
A ransomware attack on Wood Ranch Medical in Irvine, California, prevented the medical records of 5,835 patients from being accessed. Its backup system was encrypted, making data recovery impossible. As a result, the group announced it would have to permanently close. A similar outcome impacted Brookside ENT and Hearing Center in Battlecreek, Michigan, which also closed its doors after its system was wiped clean from a ransomware attack.
In cases affecting public security, police were locked out of technology applications they relied on to do their work, including accessing background check systems needed to access active warrants and surveillance systems. In most cases, badge scanners and building access systems were inoperable, and jail doors could not be opened remotely.
The police department of Riviera Beach, Florida, had its electronic services shut down through a ransomware attack launched by an employee opening a malicious email attachment. As a result, the Riviera Beach City Council unanimously voted to pay the ransom of $600,000 to the hacker and invested more than $900,000 into new hardware to rebuild its IT infrastructure.
“The fact that there were no confirmed ransomware-related deaths in 2019 is simply due to good luck, and that luck may not continue into 2020,” Fabian Wosar, CTO of Emsisoft, said. “Governments and the health and education sectors must do better.”
Municipalities impacted by ransomware attacks could not conduct property transactions, issue utility bills or driver’s licenses, make or receive online payments, and tax payment deadlines had to be extended. Websites were offline and email and phone systems didn’t work.
In the instances where schools were impacted, all systems were down, campuses were closed and grades were lost.
When ransomware attacks hit three public school systems (Sabine, Morehouse and Ouachita State) in Louisiana, Gov. John Bel Edwards declared a state of emergency.
Louisiana State Police, the Office of Technology Services and cybersecurity experts from the Louisiana National Guard mobilized to help them. Only a few months later, Edwards called another state of emergency after a ransomware attack affected 10 percent of the state’s 5,000 network servers and more than 1,500 state-run computers.
A recent University of Maryland, Baltimore County (UMBC) research report found that local governments are not prepared for cybersecurity attacks.
“Our research has shown that most American local governments do a poor job practicing cybersecurity,” Donald F. Norris, professor emeritus at UMBC, said. “They must do better. And they can start by establishing a culture of cybersecurity throughout their organizations to best protect citizen information and maintain continuous service delivery.”