Why local governments make the best ransom-ware targets

We’re noticing some significant “enhancements” in the evolution of ransomware. When we connect-the-dots, we reach the conclusion that government officials, from federal officials all the way down to cities & schools, need to up their awareness as to their vulnerability. Let’s lay the foundation for what has emerged as “Ransomware-Two-Dot-Oh-No!”:

–         Ransomware-as-a-Service  (RaaS) is hitting the mainstream media… USA Today

–         Pyramid scheme meets ransomware – “Give us addresses of people you know. If two or more people install this file and pay, we will decrypt your files for free”.

–         The birth of the “RansomWORM”, ransomware capable of spreading across a network or implanting on removable storage (usb, shared drives, backup drives, etc.)

The reasons that governments are most susceptible…

–         Municipalities are an “open book” when it comes to availability of information, contacts & events that attackers can use as ransomware “bait”. No amount of “user awareness training” will cause a city government worker to pause before clicking on a document that refers to a controversial vote on last night’s city council meeting. I’m sorry, but a carefully crafted subject line & timely email on an emotional topic will be 99.99% successful.

–         Ransomware will become “personal” as it is more available to “users” with little or no sophistication.

–         The anonymity of “RaaS” allows anyone with a grievance to “get revenge” on their “persecutors”.

–         The budgets of cities & schools in particular, as a percentage of revenue, tends to be smaller than other “industries”.

And what about ransomware that doesn’t involve loss of data?

–         Ransomware that stealthy turns on the camera of a smartphone or computer.

–         Is it just me, or is it unfair media coverage, or is there just something about elected officials that make them especially vulnerable to “Sextortion”? How real is it? This article exposes how it is already impacting the men & women serving in our armed forces as well as our national security.

–         The loss of institutional integrity is unmeasurable when a school or municipal representative is compromised by ransomware; be it elected official, leadership, teacher, coach, or police officer or fire chief. Months of negative media coverage can impact the morale and trust of an entire community.

It should give us all pause to think about these hacks in all our organizations. Corporate executives & those who protect critical infrastructure (hospitals, power companies, water supply, etc.) are also particularly vulnerable. Any cyberattack has the ability to compromise that fabric of community.

These techniques will be tried against all type of organizations, but I believe it’s most important to bring this to the attention of your local school, city & county administrators & boards. Do us all a favor, ping your school board member or city council representative.

Leave a Comment