Clickability tracking pixel

Report: Local Gov Cyberattacks Reach Critical Level

As more cyberattacks target local governments around the country, including a recent high-profile case in Florida, an international software security company has declared the number of attacks is at a crisis level.

by Sarah Nelson, The Gainesville Sun / December 18, 2019
Shutterstock/NicoElNino

(TNS) — As more cyberattacks target local governments around the country, including a recent high-profile case in Florida, an international software security company has declared the number of attacks is at a crisis level.

Emsisoft, a New Zealand-based company, said the attacks against school districts, local governments and medical networks reached an "unprecedented" number this year and officials must do more to plan accordingly.

"There's undoubtedly a higher number of attacks this year," said Brett Callow, Emsisoft spokesman. "This is the year that underinvestment in IT departments and software security has finally caught up with local governments."

Typically, a ransomware attack occurs when someone opens an email attachment that's infected with malware. Opening the link allows the virus to encrypt files, emails and documents that can only be unlocked with a code.

Hackers then demand a large sum of money in exchange for the code.

Emsisoft decided to release its report three weeks early after hackers targeted the city of Pensacola on Dec. 7 and demanded $1 million in exchange for the stolen documents.

The report said that 948 municipalities, school systems and health care providers have been impacted by ransomware. As of Saturday, the number of government agencies that have been attacked rose to 104 after a case in New Orleans.

Callow said the data does not break down each case by state, though a number of attacks have been reported in Florida, including Key Biscayne, Riviera Beach, the city of Stuart and the Wakulla County School District.

The number of cases could be higher, Callow explained, but little data exists about ransomware incidents.

In June, Lake City announced that it was hit with a ransomware demand, and authorized its insurance provider to pay 42 bitcoins to regain telephone and email records.

The case raised questions about whether other North Florida municipalities have protections in place for such an attack.

At the time, Gainesville's IT department, which runs through Gainesville Regional Utilities, said the city wasn't covered by insurance. Since then, officials say they have hired an insurance company.

"The city, being mindful of this uptick of attacks, has done what we felt was necessary to protect ourselves against these situations," said Shelby Taylor, the city's spokeswoman.

Taylor said the IT department has also created a recovery plan to retrieve stolen data should an attack take place.

In October, the city of Ocala was the target of an email spear phishing scam, though the case recently ended on a happier note compared to others.

An email, that appeared to come from a contractor that Ocala officials were working with, asked for payments to be transferred to a false account.

Over $740,000 was given to a Business Email Compromise hacker group, and the city recruited the local police department and the FBI to investigate.

Two weeks ago, the city announced that it has recovered over $717,000 of the funds, and its insurance provider will pay for $19,000 of the remaining balance.

The city acquired cybersecurity insurance protection in 2017.

Ocala had a total net loss of $5,000 from the phishing scam.

"To recover data in just two months is remarkable," said city spokeswoman Ashley Dobbs.

The Emsisoft report said that, while there is no single solution to curb ransomware demands, one long-term option is to stop paying the extortionists.

Callow said institutions that opt to pay the hackers versus recovering the data internally perpetuate the cycle of cybercrime by incentivizing the hackers. He also added that having insurance can sometimes entice hackers to target certain cities.

"In some ways, it's a double-edged sword," he said.

At a minimum, he said, governments must establish basic security measures such as developing disaster recovery plans, performing risk assessments and encrypting sensitive information.

©2019 The Gainesville Sun, Fla. Distributed by Tribune Content Agency, LLC.

Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.

E.REPUBLIC Platforms & Programs