The Babuk group claimed that the D.C. police ransomware attack was its last. But many more groups will take Babuk's place, and ransomware attacks on government will continue along with ransomware attacks on hospitals.
It's easy money, for one. The ransomware-as-a-service model lets even tech novices monetize attacks. According to Verizon's 2020 Data Breach Investigations Report, 27% of malware incidents were ransomware-related. Public safety agencies, including police departments, are thought to be easy targets because they have so much to lose to attacks that target sensitive data or lock down critical IT systems. So far in 2021, 26 government agencies in the U.S. have been hit by ransomware attacks. As seen in the 2021 Data Breach Investigations Report, 70% of system intrusion attacks are of the ransomware variety through web applications seeking payment card data.
A lack of funding compounds the problem. According to Deloitte, most states only spend between 1% and 2% of IT budgets on cyber security, and many local governments have at most one security expert on their roster. Part-time cyber security efforts, the company warns, are no match for professional cyber criminals.
And the attack surface is growing. Public safety agencies have the twin concerns of running often unpatched legacy systems and protecting an increasingly distributed digital workforce. Phishing emails, unpatched vulnerabilities and remote desktop protocol endpoints with weak or compromised credentials are among the most common ransomware threat vectors.