The Threat of Ransomware in the Public Sector

Next story

Cybersecurity is continuously evolving in response to changes in the threats we face, and in the last two years cybercriminals have begun utilizing a more targeted approach to ransomware. This has resulted in a shift away from victimizing large numbers of people with demands for modest sums of cash, and towards a new approach targeting large organizations. This has left many organizations at risk and has led to a large number of attacks on the public sector.

Cybersecurity is continuously evolving in response to changes in the threats we face, and in the last two years cybercriminals have begun utilizing a more targeted approach to ransomware. This has resulted in a shift away from victimizing large numbers of people with demands for modest sums of cash, and towards a new approach targeting large organizations. This has left many organizations at risk and has led to a large number of attacks on the public sector.
 
Large organizations have deeper pockets and, considering the effects on commercial operations or social and economic stability, more incentive to ensure they don’t lose access to their data. ESET’s most recent whitepaper, Ransomware, an enterprise perspective, evaluates this change and looks specifically at how it has affected the public sector. It draws attention to the numerous headlines reporting on public sector attacks, such as the recent attack on the City of Atlanta as well as other attacks against fire and police department servers in Ohio and county agencies in North Carolina.
 
This certainly doesn’t mean the private sector is any less of a target, but we are seeing more of these headlines because the attacks are on public entities - with public services being impacted. In contrast, the commercial sector may not always be required to disclose data security breaches. Ransomware doesn’t discriminate against its victims but, considering the threat to everyday services, it’s highly important to consider the particular vulnerabilities of the public sector.
 
Confronting a public threat
The consequences of ransomware attacks can be huge in the public sector with risks magnified due to differing circumstances. For example, older systems and less budget for high-quality IT systems tend to be more common in this sector, and there may be more bureaucracy when choosing and implementing a protective technology. An attack can also have more devastating financial implications.
 
After the City of Atlanta refused to pay the ransomware demanded following an attack, the costs continued to climb and estimates have indicated it may end up being close to $17 million. Five city departments had to perform their jobs without computers for up to a week and basic services such as accepting online payments for water bills and traffic tickets were impacted. Atlanta is also one of the US’s major economic and transportation hubs and even its airport, one of the busiest in the US, was affected with the Wi-Fi being turned off for a week.
 
The effect of attacks on the public sector have also led to more serious consequences, and no one will easily forget the effects of last year’s WannaCryptor attack - a ransomware attack that brought part of the UK’s National Health Service to a standstill. And considering a medical record is worth 10 times as much as a credit card number on the black market, it’s no surprise that attacks continue to hit the healthcare industry, as well as bring down other vital public services. While on a smaller scale, ransomware attacks also disrupted vital services in the US state of Ohio, including attacks on Riverside’s fire and police department servers. Taking place in April and May this year, the attack shut down access to the police department’s records management system used to store investigative reports. At one-point police even lost the ability to make digital reports altogether and were forced to keep handwritten records – a highly worrying occurrence.
 
Evaluating priorities
The public sector is faced with difficult decisions when it comes to fighting cybercrime due to budgetary and other constraints. They may be faced with the decision to either invest in new tech and software or put money into local schools and hospitals, and public bodies may often feel a pressure to invest in the more public-facing services. However, making an investment in protecting a city against a cyberattack is arguably a ‘greater good’ scenario that ensures the continuity of vital services. And while keeping networks and data secure demands an investment in time and resource, the cost of a breach is far worse.

Want to find out more about trends in ransomware?

Read ESET’s latest white paper.