Malice, thy name is Ransomware!

During the last few years, there has been a large increase in the number of ransomware attacks. The criminal groups responsible for these attacks have targeted a wide variety of organizations including private and public companies, healthcare organizations, and government systems.  

The average ransom amount demanded in attacks on government systems has increased over the last 5 years and is currently about $1,197,200 for this calendar year. This average is substantially larger than the averages reported in previous years. There have been several reports of ransom demands over $5 million, including the attacks on the City of New Bedford and the City of Wheat Ridge.

In many of these attacks, the indirect cost of the system downtime caused by the attack is far greater than the actual ransom amount. The IT teams of these government systems must work quickly to restore data from backups and rebuild system infrastructure, which is a difficult process. Since the government system is typically entirely down during this time, the result is a huge loss of productivity that can last from a few days to a few weeks.

The number of ransomware attacks on government organizations appears to have decreased since its peak in 2019. However, it can often take several months for an attack to be reported, as the government system administrators must first address the attack and put risk mitigation strategies in place before making information about the attack available to the public. It is worth noting that this year's decrease in the number of attacks is consistent with data from other types of organizations.

 

 *The 2022 data is January through October only  

Many government organizations have implemented risk mitigation strategies to try to prevent unauthorized access to their systems, such as multifactor authentication and proactive monitoring of user activity. They have also required strong passwords that are reset periodically and provided or reinforced training for users on how to avoid common attempts to gain access, such as email phishing. Additionally, North Carolina and Florida enacted laws last year that prevent government organizations from paying ransomware demands. These laws would, in theory, disincentivize criminal groups from targeting government entities in these states. It will be interesting to see if other states that have been hit particularly hard by ransomware attacks, like Texas, California, and Georgia, pass similar legislation in the near future.

 

During the last 5 years, several different criminal groups have either claimed responsibility for these attacks or been identified after the attack by the affected government organization as being responsible. The groups responsible for the most attacks have been Sodinokibi, Ryuk, DoppelPaymer, and Conti. However, this year ALPHV/BlackCat is emerging as a significant threat to government systems across the country.

 

The criminal groups will no doubt continue to develop more sophisticated ransomware attacks in the hopes of infecting as many organizations as possible. Organizations of all types must remain vigilant by continuing to adopt and improve risk mitigation strategies and overall cybersecurity for all the systems in their purview. Given the complex system architectures employed by the IT departments at most organizations, it will be critical to continually assess them for vulnerabilities and address any that are found as quickly as possible.

Reference: Ransomware attacks on US government organizations cost over $70bn from 2018 to October 2022 - Comparitech 

 


About the Author: Prithvi Jayachandran

Prithvi is a Project Manager and Customer Support Specialist at Extract, who customizes enterprise software solutions for government and healthcare organizations. Prithvi graduated from Case Western Reserve University with a dual degree in Biomedical Engineering and Mechanical Engineering. Prithvi is constantly trying to find innovative solutions to improve processes and efficiency in partnership with the organizations that he works with.