Jackson County, Missouri, was able to successfully ward off a recent ransomware cyberattack, carried out by a Russian hacker group on April 2, according to county officials.
County staff were unable to access networks and information tied to the tax payment, online property, marriage license and inmate search systems. According to Jackson County officials, it was a phishing scam that led to the ransomware attack.
The attack caused multiple county offices to close for several days, creating frustration for many residents.
“I had a truck that I needed to renew tags on for my business,” says Jackson County resident Stacie Matuszeski. “(My employee) had to park the truck because the tags were a week expired, and we had to pay them their insurance costs in order for them to drive the vehicle for business use.”
While the offices affected by the attack have reopened and no lasting damage was done, according to county officials, they see this as a sign of things to come.
“We can't rest on our laurels,” says County Administrator Troy Schulte, who praised the work of staff to quickly repair crippled systems. “We've got to continually ratchet up our defense for these kinds of attacks, which are going to occur often and with more regularity.”
Jackson County isn’t the only government organization in the Kansas City metro to have been targeted by cyberattacks. The Kansas City Area Transit Authority and the Kansas state court system were also hit in recent months.
Government offices at risk
These are just some of the latest and most highly publicized examples of what experts say is a growing number of cyberattacks against local and state government offices in the past few years. According to FBI data, cyberattacks against government offices rose by nearly 36% from 2022 to 2023.
“In 2022, 115 (attacks) were reported, ”says Cybersecurity Advisor Chris Cockburn. “In 2023 there were 156 made on government facilities. That's not specific to municipalities, but just shows in the government sector alone, we're seeing that increase.”
Cockburn works for the Cybersecurity and Infrastructure Security Agency, an arm of the U.S. Department of Homeland Security.
He says that cybersecurity is becoming a bigger concern as groups that perpetrate these attacks gain access to better tools and software. Government offices, he says, are the most ill-prepared.
“When I look at different (industries), healthcare versus financial versus government, state and local governments are not as well resourced,” says Cockburn. “They don't necessarily have the staff or the funding to increase their capability or skills to fully secure themselves.”
This lack of resources is often seen most at the city and county level, where he says smaller local governments are often lucky to have just a handful of dedicated IT staff and little money to hire contractors.
One highly publicized example of such vulnerability was in Texas in 2019, when 22 different smaller municipalities were struck by ransomware attacks. One of the reasons cited for the attacks’ success was the lack of available IT staff.
Another problem – outdated computer systems have made many larger cities prime targets for ransomware gangs.
Cockburn says he’s seen many municipalities in his region begin to take the threat of cyberattacks more seriously in the last five years. He’s seen many begin to update their systems to make themselves harder targets.
But he also hopes governments will invest in more training for staff, who often don’t know what cybersecurity threats look like.
“When we look at ransomware attacks, a lot of them are kind of like the low hanging fruit attacks,” Cockburn says. “Some users just aren't trained on identifying social engineering, things like phishing attacks. It’s simple things like that which make it easier for the attacker.”
Troy Schulte admits the county needs to work on training for staff, but says he’s proud of how much time and money the county has already put toward mitigating cybersecurity threats.
“We have spent literally millions upgrading our technology, putting in better cybersecurity protections and backing up our data in secure locations,” says Schulte. “As a result, the attack, while disruptive, did not do lasting damage. No confidential taxpayer data was breached.”
He believes the limited damage from the attack shows that the investments the county has made are paying off.
“I think we proved to the cyber attack market we're not a soft touch, but we don't want to take it for granted,” Schulte says. “The cost of information technology services is only going to get more expensive in the county.”
This story used quotes sourced through KCUR's texting services. If you have questions about texting with KCUR, you can find more information here.