A recent report by NordLocker exposes the industries most likely to be targeted by ransomware gangs, municipalities taking the number nine position Municipal services is the number nine industry hit by ransomware, according to the new desk research by NordLocker. An analysis of 1,200 companies hit by cyber extortion between 2020 and 2021 revealed those parts of the market where ransomware is the most widespread. NordLocker’s research has discovered that, out of 35 identified industries, a great number of ransomware attacks were detected within the municipal services sector.
The 53 institutions affected range from a municipality of a US island city to one of the Mi’kmaq communities in Canada. The findings raise the question: Why do cyber criminals prioritize this particular economic activity? What makes municipal services a lucrative target for ransomware gangs? Municipalities could be enticing to cyber racketeers because of the overwhelming amount of residential data they get to take hold of. “From contractor agreements to citizens’ Social Security numbers, municipal institutions process great amounts of data that is usually time-sensitive,” explains Oliver Noble, a cybersecurity expert at NordLocker, an encrypted cloud service provider.“Municipalities can’t risk having their activities put to a standstill, which provides hackers with a good chance of having their ransom demands fulfilled.”
Furthermore, municipal institutions usually lack digital protection, and their systems might run on outdated software due to tight budgets, as demonstrated by the sudden shift to remote working at the beginning of the global pandemic. “Hackers look for the weakest link, and unpatched vulnerabilities in an institution’s system or unsecured Wi-Fi networks don’t usually take long to find,” the expert
notes. How to protect your institution from ransomware Although ransomware attacks are evolving, Oliver Noble provides some easy-to-implement cybersecurity tactics to serve your organization as defense: Make sure your employees use strong and unique passwords to connect to your systems. Better yet, implement multi-factor authentication. Secure your email by training your staff to identify signs of phishing, especially when an email contains attachments and links.
Implement and enforce periodic data backup and restoration processes. An encrypted cloud might be the most secure solution for this. Adopt zero-trust network access, meaning that every access request to digital resources by a member of staff should be granted only after their identity has been appropriately verified.