Ransomware criminals have taken a particular shine to US city and state governments, infecting them with file-scrambling extortionware in hope of quick payouts.
So says the security team at Barracuda Networks, who pored over a stack of its infection reports in the Land of the Free, and found a large majority of specifically targeted ransomware invasions were aimed at local government agencies.
"The team’s recent analysis of hundreds of attacks across a broad set of targets revealed that government organizations are the intended victims of nearly two-thirds of all ransomware attacks," Barracuda CTO Fleming Shi explained on Wednesday.
"Local, county, and state governments have all been targets, including schools, libraries, courts, and other entities."
The focus on government targets over corporate networks is likely a crime of opportunity, as private companies are usually somewhat more diligent on security and are more likely to be up to date on patching and anti-malware than poorly-funded government facilities.
In many cases, researchers found that smaller governments were preyed upon, likely because they, in particular, lack the funds and manpower to be able to catch and prevent the spread of ransomware infections, nor are able to easily restore data after their files are scrambled. About 45 per cent of the 80 attacks Barracuda studied in depth took place against local government in areas that had fewer than 50,000 residents.
"Smaller towns are often more vulnerable because they lack the technology or resources to protect against ransomware attacks," said Shi. "Nearly 16 percent of the municipalities attacked were cities with populations of more than 300,000 residents."
Among those named in the report were the Florida towns of Lake City and and Riviera Beach, who combined to pay over $1.1m in ransom to get their data back from criminals, a practice the federal government discourages but some experts believe makes more sense for some companies and government agencies.
Part of the trend towards paying may be due to pressure from insurance companies, according to a separate report from ProPublica.
The Pwn Star State: Nearly two dozen Texas towns targeted by tiresome ransomwareREAD MORE
That article cites officials in Lake City who say that the decision to cough up the ransom demand was made after consultation with the city's insurer, who pointed out that paying the demand would be cheaper than a data recovery effort that could exceed the city's coverage limit.
With insurance companies looking to keep their costs down, the report reckons, more people are paying up and, as a result, criminals have an incentive to continue ransomware attacks.
“They’re going to look at their overall claim and dollar exposure and try to minimize their losses,” said Eric Nordman, a former director of the regulatory services division of the National Association of Insurance Commissioners, or NAIC, the organization of state insurance regulators. “If it’s more expeditious to pay the ransom and get the key to unlock it, then that’s what they’ll do.”
As a result the criminals are now upping the amounts demanded in ransom because they know insurers will pay up. These incentives will ensure that ransomware is going to remain a bugbear for some time to come. ®