This year has seen a significant spike of ransomware attacks on municipalities, researchers said.
This comes after Kaspersky researchers observed at least 174 municipal institutions with more than 3,000 subset organizations have been targeted by ransomware throughout the year. This represents a 60 percent increase over last year.
Ransomware is notorious in the corporate sector for financial devastation and has affected businesses around the world for several years with an increase in the manufacturing automation sector. On top of that, this year has seen rapid development of attackers targeting municipalities. Researchers said while these targets might be less capable of paying a large ransom, they are more likely to agree to cybercriminals’ demands. Blocking any municipal services directly affects the welfare of citizens in financial losses as well as other significant and sensitive consequences.
When considering publicly available information, ransom amounts have varied greatly with highs reaching up to $5.3 million and $1.03 million on average. Researchers said these figures do not accurately represent the final costs of an attack, as the long-term consequences are far more devastating and expensive.
The malware most often observed varied, yet three families were named as the most notorious by Kaspersky researchers: Ryuk, Purga and Stop.
Ryuk appeared on the threat landscape more than a year ago and has since been active all over the world in public and in the private sector. Its distribution model usually involves delivery via backdoor malware which spreads by the means of phishing with a malicious attachment disguised as a financial document.
Purga malware has been recognized since 2016, yet only recently municipalities have been discovered to fall victims to this Trojan having various attack vectors from phishing to brute force attacks.
Stop cryptor is relatively new as it is only a year old. It propagates by hiding inside software installers.
“One must always keep in mind that paying extortionists is a short-term solution which only encourages criminals and keeps them funded to quite possibly repeat the same acts,” said Fedor Sinitsyn, a security researcher at Kaspersky. “In addition, once a city has been attacked, the whole infrastructure is compromised and requires an incident investigation and a thorough audit. This inevitably results in costs that are in addition to the ransom requested. Based on our observations, cities might be inclined to pay because they usually cover the cyber risks with help of insurance and allocating budgets for incident response. The better approach would be to invest in proactive measures like proven security and backup solutions as well as regular security audit. While the trend of attacks on municipalities is only growing, it can be stifled by adjusting the approach to cybersecurity and what is more important by the refusal to pay ransoms and broadcasting this decision as an official statement.”
Click here for more information.