Search
Close this search box.

Ransomware Attacks Against Local Governments on the Rise While Prevention Efforts Lag

Cybercriminals rely on credential reuse, a common risk that can be mitigated.

Ransomware attacks against local governments and utilities continue to pile up, yet a recent survey finds that fully half of local government offices have yet to upgrade their defenses. 

The IBM Harris poll study found that while three-quarters of government employees surveyed are concerned about impending cyber attacks, fewer than one in four have received any prevention training. 

Ransomware stats for local government trending up

While the overall number of ransomware attacks has trended downward in recent years, infections of state, county and city governments have increased, with more than 100 local governments infected in 2019. That figure is almost surely low, as victims often do not publicly report attacks, for fear that publicity will make the situation worse. 

Here at SpyCloud, our researchers recently picked up what appears to be another troubling trend: hackers leaking some of the locked-up data into the public domain, to increase pressure on their victims to pay up. 

“We saw this with the recent attack on Pemex,” said Dustin Warren, a senior security researcher with SpyCloud. “If the ransom isn’t paid, they threatened to release data publicly — this could be customer data or proprietary data. Another group we’re tracking recently posted a screenshot of company names — we think customers of the initial victim. It’s just getting really dangerous.” 

Attackers may be threatening to release data because some victims are now refusing to pay, even though their recovery costs are almost sure to be many times higher than the ransom demand. Officials in Baltimore, which have so far spent more than $18 million on remediation, new hardware and lost or deferred revenue, say they didn’t pay for several reasons: because federal investigators recommended against it, there was no guarantee the demand (reportedly $18,000 in cryptocurrency) would lead to the unlocking of the network, and because there was no way to guarantee that even if they did unlock it, hackers wouldn’t re-attack.

While to pay or not to pay may be the most pressing question for those who have been attacked, for those who haven’t yet, ransomware prevention and swift recovery should be the focus.

Ransomware prevention 101

But how? According to a Bitdefender survey of more than 6,000 InfoSec professionals around the globe, the best way to defend against advanced cyber-attacks is through awareness, training, and support.

While no amount of training is foolproof, there are some very basic actions entities can take to protect their systems, users ,and employees. 

Take credential reuse. The practice of using the same password, or only slightly altering it, for multiple accounts, remains rampant. Across the billions of exposed credentials SpyCloud recovered over the last year, 74% of affected users had recycled at least one password across more than one account. 

“The bad guys bank on credential reuse,” said SpyCloud’s Warren. “If they can find your users’ Active Directory credentials through a third-party breach, they can easily log into your network and direct their malware to spread through the entire organization.”

Protect yourself with SpyCloud

With SpyCloud Active Directory Guardian, you can automatically detect and reset compromised passwords that put your enterprise at risk. 

Installed in minutes, without touching the domain controller or risking account lockouts, Active Directory Guardian enables you to screen your AD accounts for any password that has ever appeared in SpyCloud’s database of billions of exposed passwords. It enables you to detect and stop employees when they unwittingly attempt to select passwords that criminals are actively using in credential stuffing and password spraying attacks

Don’t let the frightening statistics around ransomware lead to paralysis. Active Directory Guardian gives you the ability to quickly discover compromised credentials and change exposed passwords automatically — and that can help stop criminals from attempting to re-attack your organization, your vendors, partners and clients. 

Learn more: Get in touch with us today to see our solutions in action.

Recent Posts

Check Your Company's Exposure

See your real-time exposure details powered by SpyCloud.

Check Your Exposure has been expanded with more recaptured data. See Your Results Now

X
Search
Close this search box.