Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Public sector ransomware is a problem—in part because “a shocking amount of government organizations are willing to pay” the ransoms that criminals behind the attacks ask for, according to ExtraHop senior strategic advisor Sarah Cleveland.
Cleveland, a former cyber colonel in the Air Force—where she had a decades-long, commander-level career—sees ransomware attackers as terrorists, she said.
“You’re holding the American people hostage in the way that you’re demonstrating and creating chaos…so to me that feels like a terror attack,” she told IT Brew.
And negotiating with cyber gangs who make these attacks should be seen the same way as terrorists, Cleveland added.
Still, the federal government often pays ransomware attackers, a hotly contested decision when the White House has publicly considered banning paying ransoms in concert with its allies in the International Counter Ransomware Initiative.
“Fundamentally, money drives ransomware and for an individual entity it may be that they make a decision to pay, but for the larger problem of ransomware that is the wrong decision,” Anne Neuberger, deputy national security advisor for cyber and emerging technologies, told the crowd at a May event for the Institute for Security and Technology’s Ransomware Task Force.
Despite that effort, government agencies are ponying up the cash. ExtraHop found in its April Global Cyber Confidence Index that in 2023, 24% of government sector leaders reported paying the ransom “about half of the time,” 39% paid “most of the time,” and 12% paid every time. It’s not often news, Cleveland said, because the ransoms tend to be around $2.5 million. It’s a large number for most of us, but a rounding error to entities like the federal government.
Ransomware is more than just a problem for the public sector. In its survey, ExtraHop found that 91% of affected ransomware-attacked organizations paid in 2023, up from 82% in 2022 and 73% in 2021.
“The number of organizations never having paid a ransom has significantly decreased in a shocking downward trend,” ExtraHop noted. “In the 2022 survey results, 28% of respondents never paid the ransom, compared to 17% in 2023 and 9% in 2024.”
The downward trend doesn’t fill Cleveland with a lot of confidence for pushing back against ransomware gangs.
“It’s not gonna get better,” she said. “It’s proven profitable as civilian organizations as well as government organizations pay the ransom.”