Ransomware ‘strains’ local government departments, FBI says

Written by Benjamin Freed

Ransomware actors continue to stress local government organizations by causing disruptions to utilities and critical utilities, according to a notice released this week by the FBI. According to the bulletin published on Wednesday, local governments were the second most victimized group in 2021, behind only the university sector as the preferred target for ransomware gangs.

And while the threat of ransomware has been familiar to local authorities for several years now, attacks continue to ensnare city and state governments, causing financial loss and shutting down critical functions, from courthouse operations to appointments. you vaccination against COVID-19.

“These types of attacks can have a significant impact on local communities by straining financial and operational resources and putting residents at risk of further exploitation,” the bulletin said.

Among the recent incidents to which the FBI refers – although without identifying the victim – is a January attack on Bernalillo County, New Mexico, which disrupted municipal operations to the point that buildings in the county were temporarily closed. to the public. The attack prompted the county jail to take inmates into custody while surveillance cameras and data collection were taken offline.

Other incidents disrupted county health departments in the past year, including an attack last May by an affiliate of the Grief ransomware operation that disabled the city’s COVID-19 vaccine appointment system. at least one county. Over the past year-plus, ransomware attacks have also compromised local government systems regarding zoning, finance, law enforcement, emergency dispatch and public defenders, the FBI said.

While the FBI advisory makes the usual recommendations – including continuity planning, regular software patches, network segmentation, offline backups, and stricter identity and access policies, like the multi-factor authentication – he notes that the tactics of ransomware actors continue to evolve.

Another one FBI Bulletin published last month noted that following high-profile attacks last year on Colonial Pipeline, Kaseya and JBS Foods, ransomware actors are moving away from “big game” hunting of high-value targets and to cloud infrastructure, managed service providers and software supply chains. There has also been a trend in ransomware hitting holidays and weekends – the Bernalillo County incident, for example, was reported just after New Years.

According to the FBI, ransomware outfits continue to run their operations as a service for hire, and other tactics are also growing, such as sharing victim information between groups and new extortion efforts like notifying individuals that their personal data has been retrieved. in an attack.

“Over the next year, US local government agencies will almost certainly continue to experience ransomware attacks, particularly as malware deployment and targeting tactics evolve, further endangering health and safety. and resulting in significant financial liabilities,” Wednesday’s alert said.

Ashley C. Reynolds