There has been an increase in the number of cybercriminals sending ransomware to county governments. This relative increase was reported by many news stations, including a small consulting firm in Deloitte.
There could be many reasons for this increase in ransomware attacks but there are some reasons which stand out above the rest. The 3 reasons are:
- Insurance Claims
- Lack Of Cyber Security
- Maintainance of Critical Services
The governments and the firms can not help but pay the ransom that is flashing on their screens for these 3 above-stated major reasons. After all, what if it is a hospital or a police station that is under cyberwar attack? If someone requires help and they are unable to get it due to ransomware that will go away with payment, governments will always mostly choose the option of least resistance to safeguard the welfare of their people.
Where Is The Proof?
The statistics support this data with a survey that was done in 2019 which shows that there have been 163 reported ransomware attacks that have targeted the local and county governments. This is a stark increase of attacks from 2018, which shows that the publicly reported attacks amounted to 55 in total. An approximate sum of $1.8 million has been given up by the governments to get back the security of their networks so that they are not crippled for a long period of time.
It is observed that local governments are attacked more than state or national governments as their cybersecurity is known to have more loopholes that cybercriminals can easily exploit. And of course, the more readily the officials pay the fee, the more these criminals raise their expectations every time. For the hackers, it is simply a matter of knowing where and when to strike with the right sophistication of the software.
This was seen in Durham, N.C. when an employee unknowingly clicked on a phishing email that delivered a ransomware attack that crippled around 1000 systems in the IT dept. of the government. As you can imagine this posed a considerable blindspot in the power of the government which led to hasty payment to the attackers.
What Other Options Does The Government Have?
One would think that governments would take the approach of not negotiating with terrorists. As that is exactly what these cybercriminals are as they are partaking in acts of terrorism. In line with this way of thought, the city of Baltimore refused to pay the ransom. This choice although a good one cost the city greatly. The city although still retained its monetary value, was crippled in many other ways.
What Should We Do?
There are many scenarios and evasion tactics that the government could teach its people. Former of which includes the all-around education about cybersecurity, ransomware and phishing emails.
There should also be seminars for all kinds of what-if scenarios, and a specific fund of insurance if worst came to worst.