Ransomware attacks could hit city governments and IT companies
Municipal governments and critical infrastructure continue to be targeted by threat actors, although ransomware attacks appeared to slow in May.
According to data collected by SearchSecurity, May has had the fewest disclosures or confirmed reports of ransomware attacks of any month so far in 2022. Although there may be attacks that have not been reported publicly, only 11 occurred in the United States in May, and eight others were disclosed during the month but had occurred some time before.
However, the past month hasn’t been a complete outlier, as April also saw signs of a slowdown in ransomware, with only 20 total attacks disclosed. For the other months, SearchSecurity found 41 ransomware attack disclosures in January, 27 in February, and 31 in March.
Rob Joyce, director of cybersecurity for the US National Security Agency, said last week that the US has seen a drop in ransomware activity since Russia invaded Ukraine. Speaking at the National Cyber Security Center’s CyberUK conference earlier this month, Joyce gave some credit for the drop to penalties against specific ransomware groups and cryptocurrency platforms that facilitate ransom payments and hide them from law enforcement investigations.
Local governments have consistently fallen victim to ransomware threat actors. Every month of 2022 has had at least one instance of a city, county, or state government in the United States hit by a ransomware attack.
Quincy, Illinois, and Somerset County, NJ, were the two most recent municipalities hit by ransomware attacks, with the Quincy attack coming in the first week of May and the Somerset attack in the last.
Officials initially announced the attack on Quincy on May 6, but did not confirm it as ransomware until May 24, when Mayor Mike Troup held a press conference. During the conference, Troup said that while some departments like the police and fire department had email and phone systems affected, almost everything was back up and running and no personal information appeared to have been stolen. According to Troup, the city invested more than $600,000 to stem this ransomware attack; the mayor also said the ransom demand was less than half a million dollars.
On the same day as Quincy’s press conference, Somerset County officials said their email system had been affected by a ransomware attack, but all other county services appeared to be working fine.
In April, the FBI Cyber Division issued a warning about threats to the agricultural sector in the United States. The concern was that as the months warmed up and the planting season kicked in, threat actors trying to harm critical infrastructure would target agricultural businesses. While there haven’t been many of these attacks on the industry yet, there was at least one ransomware attack on an agricultural business in May.
AGCO, one of the world’s largest agricultural machinery manufacturers, was hit by an attack on May 5 that destroyed parts of its production systems. The company’s initial press release stated that “its business operations will be impacted for several days and potentially longer to fully resume all services depending on how quickly the company is able to repair its systems.”
On May 16, AGCO released another statement, saying most production issues had been resolved, but the company was still in the process of restoring all business operations. Asked by SearchSecurity, AGCO said there were no further updates beyond the second press release. AGCO sold more than $11 billion worth of products last year, ranging from combines and tillage machines to grain storage and livestock care equipment.
AGCO wasn’t the only agriculture company to confirm a ransomware attack in May. On May 6, the Central Livestock Association notified victims that the group had been hit by an attack. The group, which runs livestock auctions in different locations across the United States, said parts of its systems were encrypted by the attack.
Other attacks on private businesses ranged from healthcare to IT services. Cloud hosting provider Opus Interactive announced that it suffered a ransomware attack on May 10 that affected the company’s servers. A subsequent May 16 announcement noted that there were still partial outages at each of its cloud infrastructure centers.
Additionally, the data center of the US subsidiary of Fronteo, an international e-discovery provider, was hit on May 16. The “Cuba” ransomware gang took responsibility for the attack. Another company targeted by ransomware last month was Omnicell. The health technology company disclosed in a Securities and Exchange Commission filing that it discovered on May 4 that parts of its internal systems were affected by ransomware.