The highest profile data breaches and cyberattacks often involve big businesses with millions of customers. But private companies aren’t the only organizations that are vulnerable to cybercrime – local governments are also popular targets for criminals. According to Verizon’s 2019 Data Breach Investigation, 16% of all 2018 data breaches involved public sector entities including state governments and local municipalities.
One of the biggest threats to local governments is ransomware attacks, which typically start with a link or downloadable attachment in an email sent to a government employee. Once the link is clicked or the attachment is downloaded, malware infects the government’s online systems and encrypts government files, locking them down. Criminals then demand the government pay a ransom to recover its files and get systems back up and running.
One notable example is the city of Atlanta, which was the victim of a ransomware attack last year. Criminals infected Atlanta’s systems with malware, and many of the city’s services ground to a halt. Residents couldn’t pay traffic tickets or bills online, or report graffiti or potholes. Many government computers couldn’t be used for five days. Atlanta didn’t end up paying the $50,000 ransom that criminals demanded, but they did end up spending millions on recovery efforts.
There are a few big reasons why local governments are especially vulnerable to ransomware attacks.
1. Government Systems are Vital to Residents
It is crucial that many government services remain operational for the good of the public. Emergency services, for example, must operate as a matter of life or death. And less crucial administrative systems still need to function properly for the government to serve their residents.
When government systems grind to a halt due to ransomware attacks, it can mean the disruption of services for the taxpayer. And so, governments that fall victim to attacks may be particularly motivated to pay ransom because the public needs them to stay operational.
2. Governments Have Tight Budgets and Limited Resources
Conventional wisdom would dictate that governments should not pay ransoms, as doing so can embolden criminals more. But it isn’t always that simple with local governments that often have strict budgets and limited cybersecurity resources.
Ransomware attackers often try to present ransoms as the budget recovery option for local governments, when compared to the cost of handling recovery themselves. There’s a reason that the Atlanta attackers only asked for $50,000 – they wanted to make cutting a deal much more financially attractive than the $2.7 million the city ended up spending on recovery efforts.
Local governments also look like attractive targets because they often aren’t as well protected as a private business when it comes to allocating resources for cybersecurity, and they may have system vulnerabilities or a lack of employee training.
3. Government Data is an Attractive Target
State and local governments store a lot of data about their citizens, including information on payment activity such as bills, court system data and even investments. Many local governments allow residents to pay for fees and services online using credit cards.
This data is very valuable to cybercriminals and could be used to commit identity theft, payment fraud or launch large scale phishing attacks. The value of this data makes it an attractive target and provides criminals with an additional motivation beyond obtaining ransom.