Chris Swagler | April 12th, 2022

The Federal Bureau of Investigation (FBI) issued a warning about ransomware attacks disrupting public services, including utilities, emergency services, and educational institutions. Because local government agencies oversee critical services the public depends on, they are potential targets for ransomware attacks. Ransomware attacks targeting local governments cause disruptions to healthcare, emergency services, and safety operations. In these attacks, threat operators steal sensitive personal data, which puts individuals at risk of becoming victims of fraud and cybercrimes. The warning presents details on how several ransomware attacks have disrupted vital everyday services and indicates that local governments will continue to experience ransomware attacks, including malware deployment and evolving targeting tactics, endangering public health and safety, and causing significant financial liabilities.

A January 2022 ransomware attack against Bernalillo County, New Mexico, shut down the county's computer systems, forced public offices to close, required emergency response operations to run on backup contingencies, and locked down the Metropolitan Detention Center. Additionally, county jail surveillance cameras, data collection capabilities, and internet access were knocked out, and automated doors were deactivated, causing safety concerns and a facility lockdown. Ransomware attacks like this are all too common, as small governments and municipalities are increasingly targeted by threat actors.

Higher education and academia were the most common ransomware victims in 2021. Cyberattack cases listed in the FBI alert represent a small fraction of the overall number of ransomware incidents against government services in the past year alone. The FBI and other law enforcement agencies are urging ransomware victims not to pay the ransom demands in exchange for a decryption key because it encourages future attacks. Cybercriminals target public services because most victims will pay the ransom, feeling it’s the quickest way to restore vital services. Even when victims pay the ransom, restoring the network is a difficult task, with no guarantee that the decryption key provided will work properly or that ransomware groups won’t return with more attacks. Regardless of whether victims pay the ransom, the FBI is urging United States-based companies to report ransomware incidents to prevent future attacks against others.

Companies can avoid becoming ransomware victims by implementing several cybersecurity measures. These include updating operating systems and software with security patches, which prevents cybercriminals from exploiting known vulnerabilities to access networks, and requiring strong, unique passwords for online accounts, which makes it difficult for threat operators to guess passwords. Additionally, for online services including webmail, VPNs, and accounts with access to critical systems, it’s recommended that companies require multi-factor authentication to provide extra protection against attacks.

With more ransomware groups putting pressure on public sectors, including healthcare, emergency services, and local governments, it’s critical for companies in these sectors to keep offline data backups. With backups in place, networks can be restored without paying threat actors for a decryption key in the event of a ransomware attack. At SpearTip, healthcare providers can leverage effective and purpose-built solutions to defend against disruptive cyberattacks and protect patients’ data, so they can focus on providing care and improving patient outcomes. The ShadowSpear platform is an unparalleled resource that strengthens and improves healthcare security technology and infrastructure by neutralizing ransomware before it can access sensitive data. Our 24/7 Security Operations Center in tandem with our ShadowSpear Platform and commitment to industry-leading cybersecurity allows health providers to pursue innovation while protecting against operational disruptions.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.