24/7 Client Support: Call +1 (800) 422-5941


10 Important Ransomware Stats and What They Mean for Municipalities

Before 2019, we wrote many blog posts about municipalities and ransomware that focused on the seriousness of the problem while offering tips about what to do. In those days (just a few years ago), the topic remained technical and industry-specific—mostly talked about in trade publications and local government publications.

In 2019, municipalities and ransomware became front page news in the mainstream media. The New York Times, The Wall Street Journal, The Washington Post, CBS News, ABC News, NPR, CNN, and Forbes are only a few examples of media outlets that have recently covered stories about ransomware attacks on municipalities. Even a highly polarized Congress has passed legislation attempting to help municipalities battle ransomware.

As we head into 2020, it’s worthwhile to collect some facts, statistics, and research about ransomware’s impact on municipalities to drive home the point that cities and towns must address cybersecurity vulnerabilities that leave them open to cyberattackers.

1. Local municipalities are the most popular ransomware target.

Many cities and towns still think, “We’re below the radar screens of sophisticated cyberattackers.” Or, “Cyberattackers mostly go after businesses.” Instead, research from Armor shows that municipalities are the number one target for attackers—ahead of schools and healthcare organizations. IT security company Barracuda Networks supports this research. Reported in StateScoop, “Nearly two-thirds of all publicly known ransomware attacks in the United States in 2019 have targeted state or local governments…”

Your municipality is a target. A big target.

2. More municipalities are targeted each year—a 60 percent year-over-year increase between 2018 and 2019.

Reported in MSSP Alert, “At least 174 municipal institutions suffered ransomware attacks in 2019, according to research from antivirus software provider Kaspersky. This represents a 60 percent year-over-year increase.”

In other words, ransomware is no longer an improbable event. It’s likely that even more municipalities will be targeted in 2020.

3. 45 percent of government ransomware victims were municipalities with under 50,000 in population.

Another argument we hear about ransomware is: “Cyberattackers only attack big cities like Atlanta, New Orleans, and Baltimore. They aren’t going after the smaller cities.”

Actually, it’s quite the opposite. Reported in CSO Online, “Barracuda’s researchers conducted a deeper dive on 55 ransomware attacks on state, county and local governments that have taken place [in 2019] and found that 38 were on local governments, 14 were on county governments, and three were on state governments. Nearly half of the government victims, around 45%, were small municipalities with populations of fewer than 50,000 residents, and 24% had fewer than 15,000 residents.”

4. 48 out of 50 states have had municipalities targeted by ransomware.

Your next argument might be, “But I’m from a less populated state that should be of less interest to cyberattackers.” However, at least 48 out of 50 states have had municipalities attacked by ransomware. A municipality from any state is fair game.

5. Ransomware reporting is imperfect—so many more municipalities are probably affected.

Yes, the ransomware problem at municipalities is worse than what’s reported because you must also consider the incidents that go unreported. Look at the statistics above and realize they are probably only the tip of the iceberg.

6. Cyber criminals charge a higher ransom for public sector victims.

We often hear, “But cities don’t have any money. Why would cyberattackers try to ransom us?” Whether that’s true or not, cyberattackers assume municipalities are a good, stable source of cash. According to Coveware, “[Public] sector victims paid an average ransom of $338,700, almost 10x the global enterprise average.” For a criminal, it’s a no-brainer to target the public sector.

7. Ransomware downtime is increasing.

As ransomware matures and becomes more sophisticated, it causes more damage and leads to longer downtime. Again according to Coveware, “In Q2 of 2019 average downtime increased to 9.6 days, from 7.3 days in Q1 of 2019.” A municipality experiencing a ransomware disruption will get hit harder today than just a few years ago.

8. 35 percent of ransomware attacks work because 3-year old vulnerabilities are not patched and fixed.

Too many ransomware attacks are successful because municipalities simply don’t patch their software. Reported in Dark Reading, “A new report says that 35% of the vulnerabilities exploited in ransomware attacks are more than 3 years old…” Because cyberattackers know that municipalities are not being intentional with keeping their IT environments monitored and maintained, they go after these easy ransomware targets. (See stat #1.)

9. Lack of employee knowledge helps ransomware attacks succeed.

We’ve written many times about how employees are often the ones who click on malicious email attachments and links that download and allow ransomware access into a municipality’s systems. Reported in Security Magazine, “More than one-third of respondents consider malware and ransomware a first priority threat. Yet, 25 percent of respondents say that employees have limited to no security awareness, nor do they understand their role in prevention.” Employee training is a must.

10. Your city may already be infested with ransomware—and it’s waiting to go off.

While the following statistic pertains to small and medium-sized businesses (SMBs), municipalities are often the same size—and so it’s likely that what holds true for SMBs holds true for municipalities. Reported in TechRepublic, “22% of SMBs said their networks have encountered a ransomware attack that bypassed preventative security controls, while fileless malware attacks are also on the rise. Average attack dwell time—the time between an attack penetrating a network’s defenses and being discovered—ranged from 43 to 895 days for SMBs, the report found. The average dwell time for confirmed, persistent malware was 798 days.”

This means it’s likely, if you don’t proactively maintain and monitor your IT systems, that ransomware already lurks within your municipality. And it’s waiting to go off—like a cyber bomb.

Worried about your municipality’s preparedness to defend yourself against ransomware or recover from a ransomware attack? Reach out to us today.

Original Date: 2/5/2020


Contact Us