The New Ransomware Target: Local Government

December 1, 2021

The New Ransomware Target: Local Government

Local governments may figure they are too small to be a ransomware target. However, they are the perfect size because of the value of the data they hold, such as personally identifiable information (PII) in tax records or the disruption hackers can cause by locking down a 9-1-1 system or bringing down an election system. Ransomware is the primary way municipal assets are attacked.

Ransom demand rose for local governments

Not only is the number of attacks growing exponentially (studies show that between 2018 and 2019, known attacks on local governments rose 58.5%), but the ransom demand rose from a monthly average of $30,000 to nearly $500,000 within the past few years. Even when cities don’t pay, the recovery costs can be staggering. For instance, the 2019 ransomware attack on Baltimore cost the city more than $18 million in damages in remediation.

Municipalities can take these three simple steps to help mitigate ransomware attacks:

1. Implement password hygiene.
   Although we all laugh about having “123Password” as a password, many municipalities haven’t implemented strict password rules. At a minimum the password should be:
   • At least ten characters with a mix of letters, numbers, and special characters.
   • Do not allow phrases.
   • Advise your employees not to use the same password for multiple sites (including their home sites).
   • Do not allow passwords to be repeated.
   • Do not share passwords.
   • Make sure your anti-virus software is up to date.
   • Store and transmit passwords securely. You may want to purchase encryption.
2. Employ two-factor authentication.
   Several second factors can be used to verify a user’s identity, from passcodes to biometrics. Requiring a second form of identification decreases the probability that an attacker can impersonate a user and gain access to your employee’s computers or mobile devices. The options depend upon the available budget and protection level needed.
3. Review remote desktop protocols.
   Enable logging and ensure logging mechanisms to capture remote desktop protocol logins. Keep the logs for a minimum of 90 days. Review the logins to ensure only those with access are using them. In addition, ensure that ports are closed after employees’ finish using them to reduce the risk of an attack.

Remember, your cybersecurity is only as good as your weakest link.

As hackers become more sophisticated, municipalities must also adopt cybersecurity approaches, including detection and response, should an attack occur. Our upcoming blogs will focus on evaluating and improving your cybersecurity posture and steps to take if an attack does occur. Remember, your cybersecurity is only as good as your weakest link. Dewpoint is here to help you identify and mitigate your risks. Contact us today to find out ways to increase your security posture