In a private industry notification (PIN) dated Wednesday but released to the public Thursday, the FBI warned local governments and government services that ransomware would likely "strain" their capabilities if not prevented.
"In the next year, local US government agencies almost certainly will continue to experience ransomware attacks, particularly as malware deployment and targeting tactics evolve, further endangering public health and safety, and resulting in significant financial liabilities," the FBI wrote.
In recent weeks, cyber spillover from the Russian war of aggression in Ukraine has been front of mind for many defenders in critical industries. The FBI PIN is a reminder to keep an eye on the longer-standing problem of ransomware as well.
The alert lists four anonymized instances of cyber actors disrupting governance dating back to January 2021, each spaced around four months from the last. The FBI's list is abridged; other instances have been publicly reported as well.
In the alert, the FBI reiterates its stance that victims should decline to pay ransom demands and, whether or not payment is made, should alert the FBI. It also lists fairly standard techniques to prevent catastrophes before they start. Those include contingency planning, password management, network segmentation, training, patching and backups.
"Ransomware attacks against local government entities and the subsequent impacts are especially significant due to the public’s dependency on critical utilities, emergency services, educational facilities, and other services overseen by local governments, making them attractive targets for cyber criminals," notes the alert.