Cybersecurity company Kaspersky is reporting there has been an uptick in ransomware attacks this year, with many specifically targeting municipalities and their subset organizations.
Kaspersky researchers studied 174 municipal institutions and their 3,000 subset organizations that were targeted in 2019. The number alone shows that attacks have increased 60 percent since last year, the company said.
While many attacks have previously targeted corporations and businesses, malware distributors are now attacking municipal organizations. These organizations can’t typically pay the large ransoms that corporations do, but they tend to acquiesce to demands more easily.
Also, blocking municipal services tends to affect a larger swath of the population, which is a motivator for ransom paying.
The amounts for municipal ransoms range from $5,300,000 to $1,032,460, on average. However, those numbers don’t show the accurate number of damage, and the longer-term consequences of the ransomware actions are more devastating.
“One must always keep in mind that paying extortionists is a short-term solution which only encourages criminals and keeps them funded to quite possibly repeat the same acts,” said Fedor Sinitsyn, a security researcher at Kaspersky. “In addition, once a city has been attacked, the whole infrastructure is compromised and requires an incident investigation and a thorough audit. This inevitably results in costs that are in addition to the ransom requested.”
The researcher advised, “Based on our observations, cities might be inclined to pay because they usually cover the cyber risks with help of insurance and allocating budgets for incident response. The better approach would be to invest in proactive measures like proven security and backup solutions as well as regular security audit. While the trend of attacks on municipalities is only growing, it can be stifled by adjusting the approach to cybersecurity and what is more important by the refusal to pay ransoms and broadcasting this decision as an official statement.”
Kaspersky observed three types of malware that were the most prevalent: Ryuk, Purga and Stop. Ryuk rose to prominence in the last year and has been active in both the public and private sector. It spreads by phishing and as an attachment on a financial document.
Purga has been around since 2016, but has recently been used to target municipalities. Stop cryptor is the newest attack, and it conceals itself in software installers. It’s the number seven most popular cryptor as of the third quarter of this year, Kaspersky said.