Government Ransomware Is Everyone’s Problem

Apr 6, 2017 Lazarus Alliance 0 Comment

Over the past year, the healthcare industry has been battered by an epidemic of ransomware attacks. The problem has become so ubiquitous that it is making its way into works of fiction: A ransomware attack on a hospital in a major city is the focus of an upcoming episode of the NBC drama Chicago Med. However, a new study by security ratings firm BitSight reveals that the number-one target for ransomware is the education industry, followed by the government sector. In fact, BitSight reports, government ransomware attacks have tripled over the past 12 months.

Among the recent high-profile government ransomware attacks that have grabbed headlines:

In January, hackers installed ransomware on a police closed-circuit surveillance camera network in Washington, D.C., disabling 70% of the cameras only eight days prior to President Donald Trump’s inauguration.
In March, ransomware disabled the IT network used by the Pennsylvania State Democratic Caucus, locking 16 senators and their staff out of the system and throwing the caucus’s website offline.
In late January, several local government offices in Ohio were hit by ransomware, including a county police force and 911 center, forcing the 911 center to operate in manual mode and lengthening emergency response times.
A new twist on government ransomware has recently been targeting public sector organizations in the Middle East; instead of being instructed to pay a ransom to unlock their networks, victims are being extorted to post inflammatory public statements against various political figures.

Why the Public Sector is Being Targeted

Government agencies are attractive ransomware targets for many of the same reasons medical facilities and schools are. Their networks store and process reams of highly sensitive data; public sector employees suffer from the same lack of security training and awareness that plagues the private sector; and an inability to access a government network could put people’s lives at stake, as in the case of the 911 center in Ohio.

Government bureaucracy exacerbates the problems. While it may not be easy for IT personnel at a private-sector corporation to convince the C-suite they must invest in cybersecurity improvements – just ask anyone who worked at Yahoo! – nailing down an appropriate security budget can be even more difficult at a government agency. Not only must public-sector IT employees argue their case to their bosses, but also, the general public, the taxpayers whose money will be used to fund these improvements, have to be convinced. As the Pew Research Center recently found, very few Americans have even a fundamental grasp of cybersecurity risks and best practices, creating a situation where elected figures are asking their constituents to fund services they do not fully understand and may not see a need for. The government machine also tends to move very slowly; public sector agencies have always been notorious for being years behind the private sector in adopting new technologies.

Not surprisingly, BitSight ranks the government sector second-to-last in its security ratings.

Cybersecurity is Not a Partisan Issue

There are some bright spots in the fight against government ransomware and other cyber attacks against the private sector. Virginia Governor Terry McAuliffe (D) has made cybersecurity the focal point of his chairmanship of the National Governors Association. The association’s winter meeting in February put a heavy emphasis on the need for state and federal governments to work together to improve their cybersecurity postures.

Government ransomware attacks are not a partisan issue, and there is no such thing as an agency that is “too small” to be victimized. A series of small cyber attacks could be employed by terrorists to create confusion and distraction as part of a much larger real-world terrorist attack. Attacks against the public sector, whether a federal government agency or a local police department, are a matter of public safety. They are everyone’s problem. Waiting until an attack happens and attempting to clean up the mess doesn’t work in the private sector, and it certainly doesn’t work when critical infrastructure, such as a 911 system, is hampered or disabled. Government agencies of all sizes must take the ransomware threat seriously and employ proactive cybersecurity measures to prevent their systems from being victimized.

The cybersecurity experts at Lazarus Alliance have deep knowledge of the cybersecurity field, are continually monitoring the latest information security threats, and are committed to protecting organizations of all sizes from security breaches. Our full-service risk assessment services and Continuum GRC RegTech software will help protect your organization from data breaches, ransomware attacks, and other cyber threats.

Lazarus Alliance is proactive cybersecurity®. Call 1-888-896-7580 to discuss your organization’s cybersecurity needs and find out how we can help your organization adhere to cybersecurity regulations, maintain compliance, and secure your systems.

Glowing Neon malware sign on a digital projection background.

What Is Autonomous Malware?

We’re reaching the end of 2025, and looking ahead to 2026, most experts are discussing the latest threats that will shape the year ahead. This year, we’re seeing a new, but not unexpected, shift to autonomous threats driven by state-sponsored actors and AI. With that in mind, a new generation of threats, broadly known as...Continue reading→

Stay ahead of federal and industry security alerts with Lazarus Alliance. Featured

What CISA’s Emergency Directive 26-01 Means for Everyone

In mid-October 2025, the CISA issued one of its most urgent orders yet: Emergency Directive 26-01. The directive calls on all Federal Civilian Executive Branch (FCEB) agencies to immediately mitigate vulnerabilities in devices from F5 Networks following a state-sponsored breach of F5’s systems and access to portions of BIG-IP source code and vulnerability data. The event...Continue reading→

Make sure that your software is secure with or without AI. Trust Lazarus Alliance. featured

Cybersecurity and Vetting AI-Powered Tools

A recent exploit involving a new AI-focused browser shone a light on a critical problem–namely, that browser security is a constant issue, and AI is just making that threat more pronounced. Attackers discovered a way to use that browser’s memory features to implant hidden instructions inside an AI assistant. Once stored, those instructions triggered unwanted...Continue reading→

Manage identity security and compliance with a trusted partner in Lazarus Alliance. featured

Identity and the Shift from Malware

The world of cyber threats is rapidly evolving, and while we can see these changes more generally, it’s always crucial to understand them concretely. As the 2025 CrowdStrike Global Threat Report shows us, the landscape of our industry is changing. We’re digging into this report to discuss a challenging trend: the move of hackers foregoing...Continue reading→

Harden security against new AI attack surfaces. Work with Lazarus Alliance. featured

Maintaining Compliance Against Prompt Injection Attacks

The increasing adoption of AI by businesses introduces security risks that current cybersecurity frameworks are not prepared to address. A particularly complex emerging threat is prompt injection attacks. These attacks manipulate the integrity of large language models and other AI systems, potentially compromising security protocols and legal compliance. Organizations adopting AI must have a plan...Continue reading→

Stay ahead of CMMC changes with Lazarus Alliance. Featured

Are We Already Talking About CMMC 3.0?

The ink has barely dried on the CMMC final rule, and already the defense contracting community is buzzing with speculation about what comes next. Just when contractors thought they had a moment to catch their breath after years of regulatory limbo, whispers of CMMC 3.0 have begun circulating through the industry. But is this just...Continue reading→

Lazarus Alliance helps enterprises manage identity security and data governance.

Centralizing Identity-Based Risk

As the traditional network boundary dissolves and remote work becomes standard practice, identities are the major frontier for security. Whether we’re talking about human users, service accounts, or machine identities, these have emerged as both the primary access mechanism and the most targeted attack vector. It has become imperative for providers to centralize identity management...Continue reading→

FedRAMP Authorization assessments from Lazarus Alliance. featured

Deviation and Significant Change Requests in FedRAMP: A Comprehensive Guide

FedRAMP provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services used by federal agencies. While the program’s rigorous baseline requirements ensure consistent security, the reality is that this consistency calls for a little flexibility. This is where deviation requests and significant change requests come into play. These two...Continue reading→

Get expert monitoring and security support with Lazarus Alliance featured

The Costs of Compliance and Data Breaches

Data is possibly one of the most valuable assets any organization holds. Customer information, employee records, and proprietary business intelligence present challenges because the data flowing through modern enterprises represents both significant opportunities and serious risks. Businesses face a challenging balance: investing in compliance measures to protect sensitive information while also preparing for the real...Continue reading→

Audit & Compliance Awareness Continuum Cybevisor Policies & Governance Risk Management Services

Cyber Insurance Market Full of Uncertainty and Skimpy Coverage

Mar 22, 2017 Lazarus Alliance 0 Comment

Cyber Insurance Coverage: a Brave, Uncertain New World for Insurers and Policyholders

Despite the escalating intensity and frequency of cyber attacks, fewer than 1/3 of U.S. businesses have purchased cyber insurance policies. A recent report by Deloitte provides insight into why organizations are deciding to go without cyber coverage, as well as why many insurers are hesitant to offer the coverage on a large-scale basis.

According to a recent report by Deloitte, Demystifying Cyber Insurance Coverage, cyber insurance policies represented only $1.5 to $3 billion out of a total of $505.8 billion in premium revenues generated by U.S. carriers in 2015. Further, only about 29% of organizations had even purchased a policy as of October 2016. Just 40% of Fortune 500 companies have coverage. Even companies that do have policies may have “skinny” coverage that will leave them high and dry if they ever do file a claim; just ask fast-casual restaurant chain P.F. Chang’s, which found out the hard way that its cyber insurance policy did not cover millions of dollars in liabilities to credit card issuers in the wake of a POS breach.

Why is cyber coverage so spotty? It’s easy to point fingers at insurers, policyholders, or both. After all, insurance companies do not make money from paying claims; they make money from collecting premiums and paying claims only rarely. When a policyholder files a claim, whether it’s for a roof repair or a ransomware attack, the insurer will look for every reason not to pay out. At the same time, both the public and private sector are guilty of not taking cybersecurity seriously; from Yahoo to Major League Baseball to the U.S. Secret Service, organizations keep getting breached, yet they also keep behaving as though a major cyber attack will never happen to them.

While these are valid issues, the cyber insurance situation is not that simple. Deloitte’s report identified numerous obstacles in the path of both insurance companies that wish to sell policies and organizations that wish to buy them. Specifically, insurers struggle with:

A lack of historical data, making it difficult or impossible to build reliable predictive models.
The dynamic nature of cybersecurity, where brand-new threats are emerging literally daily.
The potential for “catastrophic accumulation” of claims if a nationwide or worldwide cyber attack brings down hundreds or thousands of claimants simultaneously; for example, if cyber terrorists were to strike the nation’s power grid, or a major website host is taken down.
“Tunnel vision,” which causes insurers to primarily focus on policies that protect insureds against the theft of personal identifying information (PII); not all organizations handle PII, and the threat landscape includes DDoS attacks, ransomware, and other attacks that can cripple an organization but do not involve the compromise of PII.

On the other side, policyholders are plagued by:

Not fully understanding their cyber risks or insurance options; similar to the situation with health insurance, many organizations feel they don’t “need” cyber insurance or require only bare-bones policies.
Erroneously thinking that they are already covered because another insurance policy, such as a general liability or business interruption policy, does cover some degree of cyber risk.
An inability to effectively compare policies due to a lack of standardization, another issue that seen in the individual health insurance market; buyers are unable to make “apples to apples” comparisons.
A legal landscape that is as dynamic as the threat environment; what is and isn’t covered by an insurance policy can be hard to determine, and insureds fear having to duke it out with insurance companies in court.

Cyber Insurance Is Not a Replacement for Proactive Cybersecurity

Organizations that wish to purchase cyber insurance policies cannot go it alone. They must enlist expert help from cybersecurity professionals, not only to make sense of potential policies but also to evaluate their risk environments and determine what type of coverage they need. Because the cyber risk environment is continually evolving and changing, cyber coverage should be reviewed annually; a policy an organization purchased two years ago may no longer meet its needs.

Just as homeowners’ insurance is not an excuse to keep your doors unlocked or leave food cooking on the stove unattended, even a robust cyber insurance policy is not a replacement for proactive cybersecurity measures. Insurance policies will always contain exclusions, especially in cases where the insured was negligent in some manner, claim payouts will never be immediate, and insurance policies cannot repair damage to an organization’s reputation.

The cybersecurity experts at Lazarus Alliance have deep knowledge of the cybersecurity field, are continually monitoring the latest information security threats, and are committed to protecting organizations of all sizes from security breaches. Our full-service risk assessment services and Continuum GRC RegTech software will help protect your organization from data breaches, ransomware attacks, and other cyber threats.

Lazarus Alliance is proactive cybersecurity®. Call 1-888-896-7580 to discuss your organization’s cybersecurity needs and find out how we can help your organization adhere to cybersecurity regulations, maintain compliance, and secure your systems.