The Underbelly of Ransomware Attacks: Local Governments

Globally, ransomware increased 148 percent [PDF] from 2019 to 2020, and last year the FBI reported [PDF] nearly $25 million in losses, which is likely just a small fraction of the total cost. These are large numbers but they fail to capture the societal impacts that ransomware wreaks upon communities. Local governments oversee water utilities, airports, schools, health care facilities, and other services that people tend to take for granted, and cyber criminals are all too aware of our dependency on these services. 2,400 U.S.-based governments, health-care facilities, and schools were victims of ransomware in 2020. These attacks disrupted medical treatment during a global pandemic, interrupted remote learning, and disabled public transportation.

I was fortunate to be a member of the Institute for Security + Technology’s (IST) Ransomware Task Force, which was convened to develop recommendations on how the government, private sector, and U.S. allies can combat ransomware and help victims, such as state and local governments. The Task Force recently released forty-eight recommendations to deter, disrupt, prepare for, and respond to ransomware events. Given ransomware’s impact on public entities, it is worth briefly diving into how the Task Force’s recommendations could help states and locals. Indeed, the Task Force concluded that “Ransomware attacks impacting local governments are catastrophic not only for the organizations themselves, but also for the constituents they serve.”

To continue reading this article by Michael Garcia, senior policy advisor for Third Way’s National Security program, a 2021 Shawn Brimley next generation national security fellow at the Center for a New American Security, and a former staffer on the U.S. Cyberspace Solarium Commission on the Council on Foreign Relations blog, go to:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.