Virtualization Technology News and Information
What Local Governments Need to Know About Ransomware

More than 200 city, county, and state governments have reported ransomware attacks in recent years - and attacks in 2019 are outpacing 2018. The impact of a cyber-attack on a small government is large: interruption in critical public services, destruction and exposure of data, lost revenue, lost productivity, replacement costs of computer systems, legal liability, reputational damage, and more.

Because local governments typically have limited resources and limited IT infrastructures, they are extremely vulnerable to a cyber-attack. Data protection experts at Aparavi, a Gartner Cool Vendor in the multi-cloud data management space, offered the following information for government IT professionals concerned about ransomware attacks:

The struggle is very real

According to a recent study nearly two-thirds of ransomware attacks are directed at governments and their agencies or departments. Victims range from small (Garfield County, Utah; population 5,172) to large (Baltimore, Maryland; population 2.8 million). Everything may be currently fine, knock wood, but take action today so it will continue to be fine tomorrow.

A matter of life and death

A ransomware attack is potentially life-threatening. A cyber-attack impacting vital public services such as police/fire dispatch can mean loss of lives. If water, power, or transit systems get hit, residents are deeply affected, perhaps injuriously so. Senior citizens and children will suffer from failure to deliver the health and human services they depend on. Even interruptions in less critical services like licensing and permits can be extremely detrimental to the community.

Don't budge on budget

Government budget processes, understandably, tend to address immediate needs and table decisions about future needs until the next cycle. Finance committees and public officials must be made to see ransomware as an imminent threat in order to understand the urgency of the funding request. If government coffers are too small to afford cyber-defense, they are too small to recover from an attack - which can cost hundreds of thousands to millions of dollars.

Loss of revenue

If a government is unable to collect taxes, fees, and fines, or process payments for utilities, it is consequently unable to support and maintain the city or pay staff. On top of the hard costs of replacing IT systems, lost or delayed revenues can cause an ongoing financial crisis.

It's personal

Data that includes an individual's name, home address, social security number, email address, or other Personally Identifiable Information (PII) is highly confidential, and highly attractive to a cybercriminal. Most data collected about residents, such as property tax, utility accounts, and criminal records, is PII. Government employee data is also PII. Failing to secure PII is especially irresponsible, and incurs possible penalties, if it's compromised or breached.

To protect and to serve data

Effective backup, security, and storage strategies will depend on the importance of the data, the retention goals, and the budget. At a minimum, move critical and sensitive files to encrypted at-rest storage, and replicate immutable copies to a second offsite location such as a cloud service. Governments should use a data protection Software-as-a-Service (SaaS) that sends a monthly bill based on usage - just like homeowners pay for their utilities. The "pay-as-you-go" model of SaaS products can be very affordable, and there's no large up-front expenditure.

Don't pay up

Attackers love hitting local governments for one reason: they tend to pay ransoms. However, most security experts say you shouldn't. Paying a ransom does not guarantee a cybercriminal will restore your data; in fact it can trigger additional demands for more money. Even if you do get the data back, the cost and damage is often extensive, and resuming operations can still take weeks. Send a message that crime doesn't pay, and send a message to taxpayers that their government doesn't negotiate with cyberterrorists.

"It's difficult for cash-strapped local governments to allocate funds for a potential threat when there are real-world budget needs right now, but this puts the government, and the public, at great risk," said Jonathan Calmes, vice president of business development at Aparavi. "This lack of preparation can cost a government a hundred times more than the price of protecting the data appropriately in the first place."

For additional information and tips please visit

Published Thursday, September 26, 2019 9:29 AM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<September 2019>