The U.S. is the most heavily targeted country for extortion malware, or “ransomware,” and local governments are targets. Something as simple as clicking on an ad while using a networked computer can activate malware that can encrypt all the files in the network. Hackers will then demand a ransom in exchange for the encryption key. Given the potentially high cost of finding a solution to the problem, some victims end up paying the ransoms.
County and municipal governments in Ohio have seen many attacks over the last year. While cyberattackers typically demand under $1,000 and many never receive their demands due to diligent security practices, not all victims are so fortunate. One county had to pay $2,500 to retrieve their court data. Ransomware, while newer, is not the only form of attack present.
A county’s agricultural society paid over $60,000 after a cybercriminal posing as the IRS infiltrated their system while pretending to be seeking back taxes. In another incident involving a technique called “spearphishing”, a school district treasurer transferred nearly $40,000 to an account while acting under the supposed direction of her supervisor. Spearphishing, a more deceptive form of the infamous phishing attempts, uses emails appearing to be sent by a peer or supervisor requesting routine fund transfers, only to a cybercriminal’s account.