“Cyber Assaults Go Local: Why Ransomware Targeting City, County and State Governments is on the Rise”

Ransomware attacks against local governments and organizations are on the rise, shutting down key services and creating havoc.

How serious is it?

Ransomware, which is malicious software that renders data and systems inaccessible until a “ransom” is paid in exchange for a decryption key, can create unique challenges and problems when the victims are local governments or municipalities. Some experts estimate that up to two-thirds of ransomware attacks in 2019 involved local governments. For example, earlier this year 22 Texas towns suffered ransomware attacks all at the same time. At the annual meeting of United States Conference of Mayors, reflecting the seriousness of the ransomware targeted cyberattacks on cities, towns, and government agencies throughout the country, more than 200 mayors signed a resolution vowing not to pay ransoms to hackers.

Why are hackers targeting local governments and organizations?

  • Under-resourced budgets. Strained municipal budgets may not provide adequate resources to keep pace with technology and cyber security measures to address new threats and vulnerabilities and retain skilled cybersecurity staff.
  • Easy targets. Lack of funding means technology and threat prevention tools are not always up to date.
  • Exposure. Perhaps even more so than private companies, an interruption to services provided by government organizations can create significant problems for residents, interrupting public transportation, hospitals, utilities, tax payments, and emergency services like 911, fire safety, or law enforcement. Attackers know this and target governments which cannot afford interruptions in emergency services to residents, making them more likely to pay ransom demands.
  • Increased reliance on big data. Smart cities (so-called because they use technology to improve services such as transportation, utilities, and crime detection) collect vast amounts of citizen data which make them attractive targets.
  • New digital tools create new vulnerabilities. Digitally-reliant cities using digital tools for systems such as parking meters, street light motion sensors, contesting parking tickets, mobile app passenger transit cards, permitting and licensing, etc. offer up a host of new vulnerabilities that did not exist in the past.
  • Size. Local governments often have large workforces that require granting many people access to sensitive systems and gives attackers a broad base to try to introduce harmful software into governments’ computer systems.

How can local governments protect themselves?

Governments need to ensure they have adequate backups that are configured correctly and they need to test the restoration processes before an incident occurs. Learning after an attack that restoring one server alone takes 14 hours could make backups irrelevant. Governments should consider and establish priorities of recovery and ensure all stakeholders are on the same page with the chosen approaches. Are you going to restore the ability to issue and pay tickets first, or the ability to issue tax bills? And make sure you have identified the outside resources needed to assist with recovery efforts, including legal counsel, forensics, IT staff support, and crisis communication teams, are identified up front. Delays from vetting response teams in the middle of a crisis likely will exacerbate the situation.


Contact Clark Hill’s data breach response team with any questions or issues at: breachresponse@clarkhill.com, or (800) 949-3120.