The University of South Florida’s School of Information, in collaboration with Cyber Florida, has published an analysis of reported ransomware attacks in Florida Ransomware Incididents 16-19, that shows the majority of victims were government organizations. The report is first in a continuing series on cybersecurity topics to be published by Cyber Florida and researchers at various State University System of Florida (SUS) institutions.
In this instance, the report found that of the 18 ransomware incidents its authors reviewed, 14 targeted municipalities, counties, and other public services, and 11 of those took place in 2019, reflecting a surge in ransomware attacks targeting civic institutions across the nation in 2019. According to USF School of Information Clinical Professor of Information Security & Intelligence and Cyber Florida Executive Director Mike McConnell, VADM, USN, Ret., former director of U.S. National Intelligence and the National Security Agency, “Cybercriminals began targeting cities, school districts, and similar public services in earnest in 2019, with significant increases in the frequency of attacks and the amount demanded. These organizations are targeted because in part because the services they provide are so vital to citizens, making them even more vulnerable to cyber-based ‘shutdowns’ for ransom, but we hope reports like this will provide government leaders with greater insight into how they can prevent or mitigate these kinds of attacks.”
The analysis was led by Ryan Haggard, a graduate student in the M.S. in Intelligence Studies (MSIS) program in the USF School of Information, under the supervision of Dr. Steve “Scuba” Gary, Associate Professor of Practice, and relies on publicly available information and reflects their personal views. Some key takeaways from the report include:
- Public sector organizations comprised 78% of ransomware victims between 2016 and 2019
- 50% of Florida organizations refused to pay cyber-related ransoms
- 22.2% of Florida organizations agreed to pay the requested amount
- In 27.8% of cases, the outcome was not publicly reported
The report includes an in-depth analysis of the targets, the suspected perpetrators, and the tactics used to infiltrate systems and conduct the attacks. The information gathered is useful for ransomware researchers and security analysts looking for patterns and commonalities among targets and tactics to aid in preventing future attacks.