While 2021 certainly had some attention-getting ransomware attacks, a new report from anti-virus software company Emsisoft found that ransomware attacks dropped in 2021 for both state and local governments (SLGs) and educational organizations.
Though 2021 may have been an improvement over 2020, ransomware attacks still impacted 77 state and municipal governments and agencies and 1,043 schools. The report found that the attacks were disruptive, costly, and were the cause of at least 118 data breaches, most of which resulted in sensitive information being posted online.
In discussing its SLG findings, the report found that 113 governments were hit in 2019 and 2020. Meaning, the 77 attacks in 2021 represent a 32 percent drop in successful ransomware attacks.
Additionally, the report found that while major cities such as Baltimore and Atlanta were hit with ransomware attacks in previous years, 2021 showed cybercriminals generally having more success with smaller municipalities and counties. “This could be an indication that larger governments have used their larger budgets wisely and shored-up their defenses,” the report concluded.
While the number of attacks did decrease, Emsisoft pointed out that at least 36 of the 77 incidents resulted in data breaches, including incidents involving police departments and a state attorney general, and “saw extremely sensitive information being released online.”
Pivoting to education, the report found that a total of 88 education sector organizations were impacted by ransomware in 2021, including 62 school districts and 26 colleges and universities. In total, the attacks disrupted learning at 1,043 individual schools.
Emsisoft explained that the numbers were almost identical in 2020, with 84 incidents impacting 58 districts and 26 colleges and universities. However, the number of schools impacted was significantly greater in 2020, clocking in at 1,681. Meaning that the average number of schools impacted by each incident decreased from 20 in 2020 to only 12 in 2021. As with SLG, the report concluded that this decrease may signal that “larger organizations are using their larger budgets wisely.”
The report also added that data was stolen in at least 44 of the 88 incidents, resulting in sensitive information relating to employees and students being released online.