Report finds majority of 2019 ransomware attacks have targeted state and local governments

by Maggie Miller - 08/28/19 3:00 AM ET

The majority of ransomware attacks in the U.S. in 2019 have targeted state and local governments, a report published Wednesday by cybersecurity group Barracuda Networks found.

The report counted a total of 55 ransomware attacks on U.S. state and local government entities between January and July of 2019. These attacks involve a malicious actor or group encrypting a network and asking for money, often in the form of bitcoin, to allow the user access.

{mosads}“The team’s recent analysis of hundreds of attacks across a broad set of targets revealed that government organizations are the intended victims of nearly two-thirds of all ransomware attacks,” Barracuda wrote in the report. “Local, county, and state governments have all been targets, including schools, libraries, courts, and other entities.”

The total amount of ransomware incidents documented by the report does not include the recent spree of 22 attacks on Texas municipalities, many of which were small local governments.

Several school districts in Louisiana were also targeted by ransomware attacks in recent weeks, while the city governments of Baltimore and Atlanta have both been crippled in the past year by ransomware incidents.

The report also revealed that small towns are more likely to be targeted by ransomware attacks, with 45 percent of the municipalities attacked in 2019 having fewer than than 50,000 residents, while a further 24 percent of the cities attacked had less than 15,000 residents.

Barracuda noted that the main avenue hackers are using to gain access to these systems is through “malicious software, delivered as an email attachment or link,” which then infects the networks and locks down the system until a ransom is paid.

To combat these attacks, Barracuda recommended that city and local governments focus on email security tactics, such as using email phishing-detection systems, putting in place an “advanced firewall,” backing up data to the cloud, and making sure employees are trained on how to spot suspicious emails.