Throughout 2019, state, local, tribal, and territorial (SLTT) government entities are increasingly encountering ransomware attacks resulting in significant network downtime, delayed services to constituents, and costly remediation efforts. As of September 24, 2019, the MS-ISAC received approximately 60% more reported ransomware incidents affecting SLTT governments in 2019 than for the entire year of 2018. Not only are victims at risk of losing access to their systems and files, but they may also experience financial loss due to legal costs, purchasing credit monitoring services for employees/customers, or ultimately deciding to pay the ransom. The effects of a ransomware attack are particularly catastrophic when they impact emergency services and critical infrastructure, such as 911 call centers and hospitals.
Ransomware is a type of malware that blocks access to a system, device, or file until a ransom is paid. This is achieved when the ransomware encrypts files on the infected system (crypto ransomware), threatens to erase files (wiper ransomware), or blocks system access (locker ransomware) for the victim. The ransom amount and contact information for the cyber threat actor (CTA) is typically included in a ransom note that appears on the victim’s screen after their files are locked or encrypted. Sometimes the CTA only includes contact information in the note and will likely attempt to negotiate the ransom amount once they are contacted.
Throughout 2019, state, local, tribal, and territorial (SLTT) government entities are increasingly encountering ransomware attacks resulting in significant network downtime, delayed services to constituents, and costly remediation efforts. As of September 24, 2019, the MS-ISAC received approximately 60% more reported ransomware incidents affecting SLTT governments in 2019 than for the entire year of 2018. Not only are victims at risk of losing access to their systems and files, but they may also experience financial loss due to legal costs, purchasing credit monitoring services for employees/customers, or ultimately deciding to pay the ransom. The effects of a ransomware attack are particularly catastrophic when they impact emergency services and critical infrastructure, such as 911 call centers and hospitals.
Ransomware is a type of malware that blocks access to a system, device, or file until a ransom is paid. This is achieved when the ransomware encrypts files on the infected system (crypto ransomware), threatens to erase files (wiper ransomware), or blocks system access (locker ransomware) for the victim. The ransom amount and contact information for the cyber threat actor (CTA) is typically included in a ransom note that appears on the victim’s screen after their files are locked or encrypted. Sometimes the CTA only includes contact information in the note and will likely attempt to negotiate the ransom amount once they are contacted.