The threat of ransomware attacks continues to be a major concern for government agencies in the United States, but they seem to be better prepared to handle them in 2020; this is the gist of a report prepared by Emsisoft, an information security firm that specializes in malware mitigation. Compared to 2019, federal and state agencies that have been hit with ransomware attacks are reacting with greater efficiency, thus reducing operational damage and service disruption.

From early January until the end of April, only 128 public agencies, including government bodies, healthcare providers, and school districts, were negatively impacted by ransomware attacks. Compared with the same period in 2019, which saw more than 900 attacks with a loss of $7.5 billion, things look much better. It should be noted that the coronavirus pandemic has sent many public sector employees home, but those who have been telecommuting have actually followed stronger online safety measures. Hackers have been actively targeting employees who work from home, but they seem to inflict less damage than when they target the same workers at their office workplace.

The traditional ransomware attack consists of breaking into an enterprise network and encrypting all files before delivering a demand for a ransom to be paid in cryptocurrencies such as Bitcoin and Monero. Government agencies in the U.S. have implemented secure data backup methods to avoid having to make ransom payments; however, hackers have changed their modus operandi with a dash of blackmail. A cybercrime organization known as DoppelPaymer has been copying entire directories from servers and assessing how much sensitive data those directories contain. With this information in hand, the hackers threaten organizations, particularly police departments, law firms, and banks, with publication of the stolen data if ransom payments are not delivered.

IT security specialists at Emsisoft see a couple of problems with the current state of American government agencies with regard to preventing ransomware attacks. First, backups are often not tested and lack proper security; second, private data centers storing backups are being compromised too easily and do not practice redundant storage for greater security.