An April 2 ransomware attack confirmed by authorities in Jackson County, Missouri, shows that state and local governments remain popular targets for cybercriminals.
According to Jackson County officials, early indications suggest operational inconsistencies across the county's digital infrastructure, rendering some systems inoperable while others continue to function normally.
Officials said systems affected so far include tax payments, online real estate, marriage licenses and inmate searches. As a result of the attack, deed appraisal, collection and recording offices at all county locations will be closed until further notice.
Rebecca Moody, head of data research at Comparitech, said she has already seen 18 such ransomware incidents targeting state and local governments so far in 2024.
Moody said that although the county does not believe any data was stolen, hackers often steal data as well as encrypt systems, as the industry recently observed in the LockBit attack on the city of Jacksonville Beach, Florida. Moody said this gives the attackers something they can hold for ransom or sell on the dark web if negotiations fail. Jacksonville Beach recently confirmed that nearly 50,000 records were affected in January's ransomware attack.
“Government agencies appear to remain prime targets for ransomware gangs, with 18 attacks confirmed so far this year, compared to 21 during the same period in 2023,” Moody said. “And the hackers are also a potentially lucrative target, with Washington County, Pennsylvania paying out nearly $350,000 to hackers after a January 2024 attack.”
Morgan Wright, SentinelOne's chief security advisor and SC Media columnist, said the attack on Jackson County was likely not directly caused by nation-state attackers, but that there was a good chance the ransomware could be traced back to Russia. Wright said that in 2021, Chainalysis reported that “approximately 74% of ransomware revenue in 2021, or $400 million worth of cryptocurrencies, was spent on stocks that were highly likely to be connected to Russia in some way.”
“Transnational ransomware groups continue to target state and local governments, exploiting aging IT infrastructure and the declining number of cybersecurity professionals working in government,” Wright said. “While these groups are after money, they serve a larger purpose for Russia in terms of continued attacks and destabilization of government services.”
Ngoc Bui, a cybersecurity expert at Menlo Security, said the alarming increase in ransomware attacks on local governments is due to several key factors. It's a common belief that government agencies, especially at the local and state levels, often operate with outdated or poorly secured IT infrastructure.
Bui said that, adding to the complexity and widening the skills gap, government contracts are often awarded to the lowest bidder. Although that can be cost-effective, he said he was concerned that it often leads to reliance on people who may lack the necessary skills, training or experience.
“Contractors and federal, state, and local employees are often overworked, underfunded, and even when given adequate resources, they often lack reliable resources,” Bui said. “Even when sufficient resources are technically available, system limitations often prevent effective deployment.
“This widespread challenge is illustrated by the voices of former government and military personnel on social media and other platforms,” Bui continued. “They often say 'military grade' means 'lowest bid' rather than highest quality.”
Bui said it is possible that Jackson County's decision to pay the ransom in the previous incident in 2019 falsely signaled to cybercriminals that the county could be a lucrative target for future ransomware attacks. Bui said paying a ransom can lead to repeated targeting by the same or different ransomware operators, as it signals a willingness to comply with demands.