Paradigm Shift for Ransomware - Massive Payouts Coming from City Government Networks

Ransomware has been the most significant online threat for a few years now, hitting private users, small and large businesses alike. However, it seems that the bad actors behind various strains of ransomware are exploring new venues and looking for new ways to extort large sums of money from their victims.

The latest worrying trend in ransomware is a very obvious shift towards attacks that target municipal and city government networks instead of businesses. 2019 saw a number of ransomware attacks that targeted city networks in the USA.

Many recent ransomware attacks that have taken the limelight are numerous, identified as Cerber, Sodinokibi,, Vesad Ransomware, and even the famous GandCrab threat. While some of the more popular threats may not be responsible for attacking city government networks, some of the same hackers that propagate such threats may be the perpetrators.

Victimized city governments fork over millions to get their data back

The latest ransomware attacks that resulted in a massive payout made by the city government took place in two Florida cities. Lake City and Riviera Beach paid a total of around $1.1 million after ransomware took down their government networks, disabling important systems and equipment that running the cities depends on.

Those attacks come in the wake of Jackson County, GA paying around $400 thousand to get ransomware off its network. The city of Atlanta had to spend over $7 million in late 2018 to recover from a ransomware attack, even though the original ransom demand was just $50 thousand. In mid-2019, Baltimore suffered a ransomware attack that brought $18 million worth of damages in its wake.

This unprecedented rise in cyber-extortion targeting municipal networks led to local authorities making an official appeal for help on a federal level. Atlanta Mayor Keisha Bottoms brought up the issue in Congress and requested better access to information as well as "real-time threat information" and "disaster-relief funding" that would help offset the damage caused by ransomware attacks. Insurance companies are still adjusting to this evolving cyber threat landscape and some already offer plans that cover similar attacks.

According to experts, this shift towards attacking municipal networks instead of just companies and businesses is not going away for a while, and ransom demands are expected to grow even more in the coming months and years.