Over 40 Municipalities Have Suffered Ransomware Attacks This Year, Including Several in Massachusetts

Lawmakers' Letter Comes During Massachusetts Cybersecurity Week

Text of the Letter (PDF)

Boston, MA - United States Senators Elizabeth Warren (D-MA) and Edward J. Markey (D-MA), along with Representatives Richard E. Neal (D-MA-01), James P. McGovern (D-MA-02), Stephen F. Lynch (D-MA-08), William Keating (D-MA-09), Joseph P. Kennedy III (D-MA-04), Katherine Clark (D-MA-05), Ayanna Pressley (D-MA-07) and Lori Trahan (D-MA-03), sent a letter to the U.S. Department of Homeland Security (DHS) regarding the growing number of ransomware attacks targeting communities nationwide, and urging DHS to broaden its existing efforts assisting state, local, tribal, and territorial (SLTT) governments' responses to these attacks. The lawmakers' letter, which comes during National Cybersecurity Awareness Month and as the Commonwealth of Massachusetts hosts its first Cybersecurity Week, follows a series of cyberattacks in cities and towns across Massachusetts.

Ransomware, "malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid," is an increasingly difficult, dangerous, and expensive problem for SLTT governments across the country. According to the United States Conference of Mayors, "at least 170 county, city, or state government systems have experienced a ransomware attack since 2013" -- 22 of which took place in the first half of this year alone.

In their letter, the lawmakers expressed concern with the rise in these attacks-which target police departments, transit systems, hospitals, libraries, courts, schools and numerous other government offices -- and listed several that have taken place in Massachusetts in recent years.  

"The rise in these attacks is particularly disturbing because, in addition to the financial loss tied to data restoration efforts and to the disruption of operations and critical infrastructure, municipalities are at risk of losing important and sensitive data that are crucial to their function, and because ransomware attacks can disrupt vital emergency and other first responder services," the lawmakers wrote in their letter.

Officials in Leominster, Massachusetts were forced to "pay $10,000 to a suspected ring of international hackers" in April 2018, after a ransomware attack paralyzed the city's public school system. Two months ago, the Athol, Massachusetts Police Department "lost a lot of records" after refusing to pay tens of thousands of dollars to hackers that infiltrated its computer network, and in the same month, the City of New Bedford was victim to a ransomware attack when a virus infected over 150 of the city's computers and hackers demanded payment equivalent to $5.3 million through Bitcoin.

While the lawmakers commended DHS's Cybersecurity and Infrastructure Security Agency (CISA) for recognizing the urgency of protecting municipalities from cyberattacks and launching a program to protect voter registration databases from ransomware attacks, they urged DHS to continue its outreach to SLTT governments and asked the agency to brief their offices on its ongoing efforts to limit these attacks.

The lawmakers also asked DHS to detail existing agency grants and programs available for SLTT governments to obtain help protecting themselves, as well as what -- if any -- additional authority or resources DHS needs to better assist these governments in preventing and fighting future ransomware attacks. The lawmakers asked the agency to respond by October 31, 2019.