Henry Country, Illinois, fell victim to a ransomware attack during March 2024. This was triggered by the activities of the Medusa ransomware group. This group of malicious actors is one of the smaller cybersecurity outfits; nevertheless, diminutive stature in the cyber world still means that damage can be inflicted.
Since the Alphv/BlackCat and LockBit takedowns, smaller Ransomware as a Service (RaaS) groups are attempting to recruit displaced affiliates.
According to The Record, the cyber-incident prompted county officials to seek assistance from law enforcement and government cybersecurity agencies in investigating the incident amid ongoing efforts to restore affected systems.
Looking into the issue for Digital Journal is Nick Tausek, Lead Security Automation Architect at Swimlane.
Tausek begins by presenting the details of the cybersecurity incident: “Henry County, Illinois, became the latest victim of cyberattacks targeting local governments. The ransomware attack, which occurred on March 18, was claimed by the Medusa Ransomware group.”
Tausek next builds up a picture of a succession of cyberattacks on local government infrastructure within the U.S., noting: “This marks the fourth cyberattack on local governments disclosed in March alone. Earlier this week, the city government of Jacksonville Beach, Florida, revealed a January cyberattack claimed by the LockBit ransomware group impacted nearly 49,000 residents. Similarly, the city of Birmingham, Alabama, reported a network outage in early March that is still causing disruptions in government services. A cyberattack that occurred last weekend in Pensacola, Florida, is also causing widespread phone outages across city departments.”
As to the form of attack, ‘ransomware’ springs to mind as Tausek considers: “While it is not confirmed whether all of these attacks involve ransomware, there is a clear trend of threat actors targeting local governments given their trove of sensitive personal data.”
A reason for such municipal vulnerability is under-investment in technology at the local level. Tausek observes: “Local governments’ cybersecurity departments tend to be underfunded and, as a result, ill-equipped to handle the rapidly expanding threat landscape. Between a shortage of available talent at the salaries local governments can afford and the insufficient funds for tooling compared to enterprise and national governments, they remain a strong target for threat actors.”
To address this, radical change is required. As an example, Tausek puts forwards: “These local governments must take the necessary precautions to mitigate these threats. Proactive cybersecurity measures include a strong incidence response plan.”
Furthermore, Tausek recommends: “This plan should include a centralized platform for detection, investigation and response to threats. The use of a security automation platform also allows cybersecurity teams to streamline monitoring and reduce response times, facing these threats with complete visibility.”
