CISA boosts anti-ransomware messaging for local government

The federal cybersecurity agency said the new campaign is aimed at preventing cyberattacks against K-12 school systems and organizations battling COVID-19.

Coming off another year in which ransomware actors battered local government networks, the Cybersecurity and Infrastructure Security Agency on Thursday announced a new public awareness campaign aimed at repelling future incidents.

Speaking at an online event hosted by the U.S. Conference of Mayors, Brandon Wales, CISA’s acting director, said the agency plans to more aggressively promote the documents and other resources it uses to counter ransomware incidents, especially those targeting K-12 school systems and organizations involved in the response to COVID-19, like health care organizations.

Those entities, he said, “have the unenviable role right now of being so indispensable and so vulnerable.”

While some observers labeled 2019 “the year of ransomware” for its high number of attacks against state and local governments, 2020 — according to some industry estimates — managed to be worse, as criminal actors continued to target cities, towns and school districts, and embraced more severe extortion tactics.


The K-12 sector continued to be hit especially hard: One ransomware attack against public schools in Hartford, Connecticut, delayed the start of the new academic year, while another in Baltimore County, Maryland, forced officials to cancel online classes just before the Thanksgiving holiday. And some students and teachers in Fairfax County, Virginia, had their personal information published online when officials there refused to pay.

The health sector has also been hammered, especially as the pandemic worsens and vaccine distribution begins. Actors using the Ryuk malware in particular have focused on hospitals, potentially forcing treatments like chemotherapy and mammograms to be delayed.

“Cybercriminals know state and local governments are vulnerable, and they’re taking advantage of those vulnerabilities,” Wales said during the Conference of Mayors event.

The CISA campaign will include a new page on the agency’s website that directs visitors to the agency’s offerings regarding ransomware, such as a detailed guidebook it developed last year with the Multi-State Information Sharing and Analysis Center, and other fact sheets and infographics it publishes regularly. It also includes information on how governments can enlist CISA’s technical services, including the Malicious Domain Blocking and Reporting service it funds through the MS-ISAC, and its scanning and monitoring capabilities.

“Only by disrupting this business model do we have a chance at removing this scourge,” Wales said.


Wales told mayors listening in to the event that they should engage more with their cybersecurity officials.

“Get to know your CISO,” he said. “Get to know the protocols they will put in place to preserve continuity of services.”

He also plugged the recent passage of the DOTGOV Act, which encourages state and local governments to migrate their web presences to the federally administered .gov top-level domain and also puts CISA in charge of the program.

“All aspects of .gov have cybersecurity significance,” Wales said, referring to some of the domain’s standard features like multi-factor authentication and continuous monitoring.
