Ransomware attacks continue to plague public services

Crawford County, Ark., was like dozens of other local governments in 2021: the victim of a ransomware attack that halted operations and frustrated residents and IT workers. Although it is one of the smaller counties, Crawford has the distinction of being the target of one of the last reported ransomware attacks of the year, hit on December 26, 2021.

As a new year has begun, Crawford County still hasn’t brought all of its systems back online, according to County Judge Dennis Gilstrap, who said the county was working with Apprentice Information Systems to restore operations.

Initially, it looked like the county would be fully operational in just weeks, after a Jan. 4 report said the offices of the assessor and tax collector were back. On Jan. 27, however, Gilstrap told SearchSecurity, “We’re still recovering” and didn’t give a timeline for the systems’ full return.

Even with the onset of 2022, ransomware attackers have not let up on government offices and utilities across the United States, which has been a familiar trend for some time. Since January 1, at least 10 reported public entities have been attacked by ransomware across the United States, including schools, hospitals, and county offices.

These are just the figures published so far; there are certainly other incidents that have not yet been disclosed or reported. Emsisoft’s recent annual report revealed that in 2021, ransomware attacks affected “a total of 2,323 local governments, schools and healthcare providers.” The 2020 Emsisoft report recorded a similarly high number of ransomware attacks targeting public agencies in the US, with “at least 2,354 US governments, healthcare facilities and schools” affected by ransomware.

Some of the worst-hit victims of the attacks reported so far this year have been county governments, which have not announced the financial damages but have suffered massive disruptions to valuable public services.

Allan Liska, ransomware researcher at Recorded Future, described one of the main issues facing local governments trying to stop ransomware attacks.

“Local governments are very aware of the problem, but they don’t have the capacity to increase their budgets significantly,” Liska told SearchSecurity. “It’s not just about buying technology; the feds could say here every city gets $200,000 to buy anything, whether it’s better endpoint protection, better firewalls, better SIEM or any other type of tool. [They] also need staff to manage this software, and that’s really where the problem lies.”

Bernalillo County, NM, has so far this year been a symbol of how severely ransomware attacks can affect local governments. Bernalillo, which is the largest county in New Mexico and includes the city of Albuquerque, was attacked in early January and is still trying to recover from the incident, which took most of the county’s systems offline, including the operations at Alvarado Square and the County Detention Center.

Other affected counties include Dawson County, Neb., and Linn County, Oregon.

Dawson County issued its data breach notice on January 14, notifying residents whose information may have been compromised in the attack. According to the notice, no county system was taken offline, but the cybercriminals stole personal information and demanded a ransom in return. When Dawson County refused to pay the ransom, the attackers posted the personal information on the dark web, exposing residents’ health information and other personal data.

Linn County, like Bernalillo, suffered a system failure following a ransomware attack first identified on January 24. The county still doesn’t have its main website, but the clerk’s office is up and running again.

The city of Albany, Oregon shares a computer network with Linn County. There has apparently been no major impact on Albany’s websites, but due to a preemptive disconnection between networks, Albany police are now filing cases by hand as they lost connection with the district attorney’s office.

Ransomware attacks have not only affected county governments. For example, the city of Pembroke Pines, Florida was hit by a ransomware attack on January 13.

The city has not released a report on the specific systems that were affected or whether any residents may have been affected by the attack. City officials provided statements to multiple media outlets confirming the attack, which shut down some IT services, but they said police and fire departments were unaffected.

Government offices weren’t the only public bodies attacked, as three different school districts reported being targeted by ransomware since early January. One incident affected residents who were already well aware of the damage ransomware can cause.

A ransomware attack hit Albuquerque Public Schools on January 12, causing schools to close for the rest of the week and reopen on January 18. The incident disrupted access to the student information system used by teachers, but the district said it has found a way to operate schools without those services at this time.

Other affected schools include the Griggsville-Perry School District in Pike County, Illinois. The school district announced on its Facebook page on January 10, “GP Schools are experiencing network issues today. If you are trying to contact offices or staff, please be aware that your message is not reaching us in a timely manner. We will let you know as soon as we have more information.”

Over the next two weeks, Griggsville-Perry continued to provide updates on the recovery process. On January 17, after a week of trying to resolve the issues, the school district announced that the school would be closed on January 18 and 19. On the 19th, the school district announced the extent of the ransomware attack.

“Our technicians have been working all weekend and the past few days to ensure our systems are ‘clean’ and ready to use,” the Griggsville-Perry School District said on its Facebook page. “They assured [us] they are. However, many files used by teachers are gone at this point. Some will be salvageable. Some will not. This will make it difficult for teachers to plan and deliver instruction.

“Additionally, we will have network issues as they need to be resolved. All of this will take time. Therefore, GP schools will close early Thursday and Friday to give staff time to take inventory, to create new materials and make new plans.”

On January 21, another announcement indicated that there would be early dismissals every day for the coming week. The school district continues to try to recover from this incident; so far this year it has been the school district hardest hit by a ransomware attack.

Schools and governments are not the only public services affected by ransomware attacks. Nor are health systems immune, as the Maryland Department of Health announced last month. On Jan. 12, state CISO Chip Stewart said what was initially believed to be a simple server outage was a ransomware attack targeting the department’s COVID-19 data systems.

Although the COVID-19 case and hospitalization reporting systems are back online, the state was unable to provide up-to-date COVID-19 statistics to its residents for a few weeks while it worked to remove the ransomware.

When it comes to health services, a hospital in Marianna, Florida, was more fortunate last month than the Maryland Department of Health: one of its IT staff discovered an attempted breach and quickly shut it down. Although some systems had to be shut down as a precaution, IT’s quick thinking on January 9 reportedly mitigated the attack and prevented significant damage.

Although some of these incidents may not have caused any real damage, ransomware still affected thousands of victims in the United States in the first month of 2022 alone. These are just some of the public stories of ransomware attacks on utilities. There are sure to be many more announced in the coming months, as ransomware threat actors are just getting started in 2022.