Group issues ransomware warning to local governments

School districts, library systems, sheriff’s offices and other areas of local government have all been hit by a recent wave of cyberattacks that has targeted counties throughout the country. These malware or ransomware attacks are affecting servers, websites and even the start date for some schools.   

In response, a consortium of local government groups and others have issued a fresh warning to local governments to back up systems on a daily basis; reinforce basic cybersecurity awareness and education and revisit and refine cyber incident response plans.  

Learn More

MS-ISAC's ransomware primer

The Center for Internet Security describes ransomware as a type of malware that blocks access to a system, device or file until the ransom is paid. Ransomware encrypts files on infected systems with different variants that can erase files or block access to the system using other methods.

The consortium that issued the warning includes the Cybersecurity and Infrastructure Security Agency, Multi-State Information Sharing and Analysis Center, National Governors Association and the National Association of State Chief Information Officers. They are supporting ransomware victims and encouraging the government to protect networks against the threat of a ransomware attack. 

Backing up systems and storing the back-ups offline ensures the integrity of the restoration process. If recovering from an attack, the groups recommend restoring a stronger system than was lost, by ensuring it is fully patched and updated to the latest version. 

It’s important to refresh employee training on recognizing cyberthreats, phishing and suspicious links which will help local governments prevent cybersecurity attacks, they warned. It’s also important to reiterate to employees how to report incidents to IT staff.

Counties should establish a clear plan to address attacks, which should include how to request assistance from external “cyber first responders” in the event of an attack. 

If ransom is not paid within a certain time frame, there is a risk of decryption keys being destroyed or files being permanently deleted, according to the Center for Internet Security. 

Schools in counties across the country including Alabama and Louisiana have been the victims of cyberattacks. 

On July 23, Louisiana Gov. John Bel Edwards declared a state of emergency after intentional cybersecurity breaches in the Sabine, Morehouse and City of Monroe school systems. According to the state of emergency proclamation, the cybersecurity incident may potentially compromise other public and private entities in the state. 

WTVY reported that Houston County Schools in Alabama delayed the start of their school year after the system’s server was targeted in a malware attack. The school system is working with law enforcement and network engineers. 

The attacks have also reached county library systems. 

The Butler County Federated Library System in Pennsylvania experienced a ransomware attack on its servers, according to a press release. 

Library officials confirmed the brand of ransomware used in the attack was “Ryuk,” according to the release. The attack has affected some services throughout the library system including the use of public computers, renewal of items, library catalog access, collection of fines and placement of item holds which were unavailable. 

The Butler County Federated Library System has been in contact with police and the FBI.

The Georgia Department of Public Safety’s network servers were also targeted in a ransomware attack. According to a statement, Georgia’s Department of Public Safety experienced outages in internal and customer facing applications and was “working diligently to resolve the issue.” 

Additionally, the servers at the Lincoln County Sheriff’s Office were hit with ransomware, according to Lincoln County Public Information Officer Ronnie Rombs. Only the sheriff’s office was targeted, he said.

According to the Center for Internet Security, some variants of ransomware can be unlocked or decrypted. The website, NoMoreRansom.org, which is run by cybersecurity vendors and government agencies, collects and shares all known decryption keys.