Crawford County, Ark., was like dozens of other local governments in 2021, a victim of a ransomware attack that halted operations and frustrated residents and IT workers alike. While it is on the smaller side as far as counties go, Crawford does get to hold the distinction of being one of the last reported ransomware attacks of the year, being struck on Dec. 26, 2021.
While a new year has dawned, Crawford County still has not gotten all its systems back online, according to County Judge Dennis Gilstrap, who said the county is working with Apprentice Information Systems to restore its operations.
Initially it seemed the county would be fully operational in just a couple of weeks, after a report on Jan. 4 said both the assessor and tax collector offices were back up. On Jan. 27, however, Gilstrap told SearchSecurity, "We are still in the process of recovery" and did not give a timetable on the full return of systems.
Even with the start of 2022, ransomware attackers haven't let up on government offices and public services within the U.S., which has been a familiar trend for some time. Since Jan. 1, there have been at least 10 reported public entities attacked by ransomware across the U.S., including schools, hospitals and county offices.
These are just the publicly reported figures so far; there are certain to be other incidents that have yet to be disclosed or reported. Emsisoft's recent annual report found that in 2021, ransomware attacks affected "a total of 2,323 local governments, schools and healthcare providers." The 2020 Emsisoft report saw similarly high ransomware attacks targeted at public agencies in the U.S., with "at least 2,354 U.S. governments, healthcare facilities and schools" affected by ransomware.
Some of the worst victims of attacks reported so far this year have been county governments, which have not announced the financial damages, but have suffered massive disruption and downtime to valuable public services.
Allan Liska, ransomware researcher at Recorded Future, described one of the main issues facing local governments trying to stop ransomware attacks.
"Local governments are very aware of the problem, but they don't have the ability to increase their budgets significantly," Liska told SearchSecurity. "It is not just a matter of buying technology; the federal government could say, here, every town and city gets $200,000 to buy whatever, whether it's better endpoint protection, better firewalls, better SIEM or whatever kind of tool it is. You will also need the personnel to manage that software, and that is really where the problem is."
So far this year, Bernalillo County, N.M., has been the symbol of just how badly ransomware attacks can affect local governments. Bernalillo, which is New Mexico's largest county and includes the city of Albuquerque, was attacked in early January and is still attempting to recover from the incident that knocked most of the county systems offline, including operations in Alvarado Square and the county detention center.
Other counties that have been hit include Dawson County, Neb., and Linn County, Ore.
Dawson County released its notice of a data breach on Jan. 14, informing residents whose information may have been compromised in the attack. According to the notice, no county systems were taken offline, but cybercriminals had stolen personal information and demanded a ransom in exchange. When Dawson County refused to pay the ransom, attackers released the personal information onto the dark web, exposing residents' health information and other personal data.
Linn County, like Bernalillo, suffered a systems failure as a result of a ransomware attack first identified on Jan. 24. The county is still without its main website, but the clerk's office is up and running again.
The city of Albany, Ore., shares a computer network with Linn County. There was apparently no major impact to the Albany websites, but due to a precautionary disconnection between the networks, Albany police are now filing records by hand because they lost connection to the district attorney's office.
Ransomware attacks have affected more than just county governments. For example, the city of Pembroke Pines, Fla., was hit by a ransomware attack on Jan. 13.
The city has not published a report on what specific systems were affected or if any residents may have been affected by the attack. City officials provided statements to several media outlets confirming the attack, which disrupted some computer services, but they said police and fire services were unaffected.
Government offices have not been the only public bodies attacked, as three different school districts have reported being targeted by ransomware since the beginning of January. One incident affected residents who were already quite aware of the damage ransomware can cause.
A ransomware attack hit Albuquerque Public Schools on Jan. 12, which caused the schools to close for the rest of that week, reopening on Jan. 18. The incident disrupted access to the student information system that teachers use, but the district said it had found a way to operate schools without those services for the time being.
Other schools affected included the Griggsville-Perry School District in Pike County, Ill. The school district announced on its Facebook page on Jan. 10, "GP Schools are experiencing network issues today. If you try to contact the offices or staff, please know that your message may not get to us in a timely manner. We will keep you updated as we get more information."
Over the next couple of weeks, Griggsville-Perry continued to provide updates on the recovery process. On Jan. 17, after a week of trying to resolve the issues, the school district announced that school would be closed Jan. 18 and 19. On the 19th, the school district announced the extent of the ransomware attack.
"Our techs have been working through the weekend and on these last few days to make sure our systems are 'clean' and ready to use," the Griggsville-Perry School District posted on its Facebook page. "They have assured [us] they are. However, many files that teachers use are gone at this point. Some will be retrievable. Some will not be. That will make it difficult for teachers to plan and deliver instruction.
"In addition, we will have network problems as we go along that will need addressed. That will all take time. Therefore, GP Schools will dismiss early on Thursday and Friday to give staff time to take inventory, create new materials and make new plans."
On Jan. 21, another announcement stated that there would be early dismissals each day for the upcoming week. The school district continues to try to recover from this incident -- so far this year, it has been the school district most affected by a ransomware attack.
Schools and governments are not the only public services being affected by ransomware attacks. Health systems are also not immune, as the Maryland Department of Health announced last month. On Jan. 12, the state's CISO Chip Stewart said that what was initially thought to be a simple server outage was a ransomware attack aimed at the department's COVID-19 data systems.
While the systems for reporting COVID-19 cases and hospitalizations are now back online, the state was unable to provide update statistics on COVID-19 to its residents for a few weeks while working to remove the ransomware.
When it comes to health services, a hospital in Marianna, Fla., was far happier last month than the Maryland Department of Health, when one of its IT workers discovered an attempted breach and quickly snuffed it out. While it did result in some systems having to be shut off out of precaution, the IT department's quick thinking on Jan. 9 reportedly mitigated the attack and prevented extensive damage.
While some of these incidents were prevented from causing any real damage, ransomware has still affected thousands of victims in the U.S. in just the first month of 2022. These are also just some of the public stories so far of ransomware attacks against public services. There are sure to be many more announced in the coming months as ransomware threat actors are just starting to get things underway in 2022.