Carl Mazzanti
Ransomware remains a persistent threat, but proactive prevention, continuous monitoring and tested response plans can keep your agency prepared.
In 2024, ransomware continued to impact US local governments, with the average recovery cost for affected municipalities reaching $2.83 million. Nearly all attacks – 98% – resulted in data encryption, forcing many cities to adopt multifaceted recovery strategies, including both backup restoration and ransom payment.
Ransomware is a type of malware that locks a victim’s data; the cybercriminals keep the data locked until a ransom is paid, usually in hard-to-trace Bitcoin.
High-profile incidents, such as the City of Columbus, Ohio, where 3TB of data was stolen and released on the dark web after a ransom demand, highlight the ongoing threat ransomware poses to local government operations.
A “security incident” made the Syracuse, NY, police department shut down its computer system early this year. This event highlighted the rising threat of cyberattacks on law enforcement agencies. In July alone, there were 25 possible ransomware incidents which targeted law enforcement and other sectors, according to published reports.
Other attacks included an August announcement of a “Business Email Compromise” (BEC) breach at the North St. Paul, MN, police department.
In a BEC, attackers often impersonate trusted high-level officers. They try to trick employees into making wire transfers or sharing sensitive data. Following the attack, the city announced it would hire cybersecurity experts to investigate the breach.
US law enforcement agencies continue to see a disturbing rise in sophisticated ransomware attacks and other cybersecurity threats. However, public safety agencies which partner with an experienced Managed Services Provider (MSP) can reduce these risks. An MSP can help an agency implement employee training and AI-driven cybersecurity solutions, enhancing the protection of its systems, networks and data. A comprehensive training program equips staff to recognize emerging threats and respond effectively, while AI technologies continuously monitor for risks, provide real-time alerts and contain incidents before they escalate.
Key elements of employee training will most likely include:
- Awareness Programs – Periodic awareness programs teach employees about common cyber threats. In addition to ransomware, these threats include phishing and social engineering.
Phishing occurs when attackers send emails which appear to come from trusted organizations, aiming to trick recipients into sharing sensitive information such as passwords or credit card details.
Social engineering involves phone calls or video chats which seem to come from a trusted coworker. These communications often ask for sensitive information.
Well-designed employee awareness programs help staff members recognize suspicious activities and report them promptly.
- Simulation Exercises – An MSP can conduct training which allows employees to experience real-world cyberattack scenarios in a controlled environment. These exercises help identify weaknesses in an agency’s system and improve response strategies.
A simulated ransomware attack can teach employees the risks of clicking on suspicious links and demonstrate the appropriate steps to take if they encounter an actual attack.
- Policy and Procedure Training – An MSP can train employees on cybersecurity rules and procedures, so they recognize the importance of adhering to best practices. This includes using strong passwords, regularly updating software and avoiding suspicious links. Regular training sessions can reinforce these practices and keep employees informed about the latest security protocols.
Artificial Intelligence (AI) is a strong tool in the fight against cyber threats. AI-based cybersecurity solutions can provide numerous digital advantages for law enforcement systems.
- Real-time Threat Detection – AI algorithms can quickly analyze large amounts of data. They help find unusual patterns and possible threats. This enables law enforcement agencies to respond to attacks swiftly and mitigate damage.
- Automated Incident Response – AI can speed up the incident response process, which helps to quickly contain and fix threats. Automated responses can include isolating affected systems, blocking malicious IP addresses and alerting security personnel.
- Predictive Analytics – AI can predict potential cyber threats by analyzing historical data and identifying trends. This proactive approach allows law enforcement agencies to strengthen their defenses before an attack occurs.
- Enhanced Data Security – AI can enhance data security by monitoring access to sensitive information and detecting unauthorized attempts to access or modify data. This ensures that only authorized personnel can access critical information.
A Multilayered Defense Delivers Protection
A key idea is that defending against ransomware and other attacks requires multiple actions. Your agency’s initiative should involve the whole organization; the effort should be ongoing and continuously managed.
Using a multilayered approach will enhance your defense. A basic defense begins with strong password security policies that prohibit short, easily guessed passwords.
Passwords should be long – at least 15 characters. They should include uppercase letters, lowercase letters, numbers, and symbols. Your users should avoid using words which are in a dictionary. They should also avoid using names of people, characters, products, or organizations.
Change your passwords regularly. Each new password should be different from your old ones. Passwords should also be easy for the user to remember, but difficult for others to guess. Consider using a memorable phrase like “6MonkeysRLooking^”.
Another option is to use a password manager. This software helps users create strong passwords and stores them in a digital vault protected by one master password. Users can retrieve their passwords when logging into accounts.
Automate software patch downloads to ensure they are installed promptly, keeping vendor protections and updates up to date.
Keep in mind that antivirus software alone is not sufficient to protect digital devices like desktops, laptops and smartphones. An effective anti-ransomware strategy will also include features like multifactor authentication (MFA).
With MFA, users must verify their identity beyond just a password. This can mean entering a code received on their phone. Only then are they allowed access to an account or application.
A complete file backup solution is another important component of a strong defense. This would include cloud-based or offsite storage which will help you restore your data if a cyberattack is successful.
An incident response plan – a written strategy which explains how your agency will find and respond to cybersecurity attacks – is also key to a multilayered defense. Such a plan shows how to recover from a cyberattack and will help reduce the impact of ransomware attacks and other threats, ensuring your agency will continue to run smoothly.
The ABCs of a Ransomware Attack
Ransomware attacks typically begin with reconnaissance, where attackers use automated bots and other tools to collect information about a target, including the names and ranks of key officials and details of their recent activities.
These details will enable the attacker to create convincing messages which are sent to the target through email, phone or video calls. The goal is to get the target to perform an action, such as clicking on an infected file which will download malware onto your system. Once this occurs, your data will be encrypted and your access to it will be blocked. At this stage, the attacker will demand a ransom to restore access and may also threaten to disclose sensitive information publicly, as was the case in Columbus, OH.
Even if a ransom is paid, there is no assurance that the attacker will restore access to your data, and sensitive information may still be exposed publicly. Additionally, paying a ransom can mark an organization as a vulnerable target, increasing the likelihood of future attacks.
Fortunately, even the most sophisticated ransomware attacks often leave detectable indicators. These signs can reveal that an attack is imminent or already underway, highlighting the importance of continuous Security Information and Event Management (SIEM). A 24/7 Security Operations Center (SOC) further strengthens your defense.
SIEM serves as a critical cybersecurity layer, collecting and monitoring data to alert your team if hackers or other cybercriminals are probing your agency. This enables law enforcement and cybersecurity partners to detect and respond to threats more quickly and effectively.
When SIEMs were initially developed, their cost was prohibitive, limiting adoption to large organizations. Advances in technology have since reduced these expenses, making SIEMs a feasible component of security solutions for mid-size and smaller law enforcement agencies.
Once malicious and unusual activity is detected, it must be analyzed. Skilled security engineers can assess alerts and offer full incident response guidance.
Along with this, a good Security Operations Center (SOC) service combines real-time automated monitoring with expert analysis which is available 24/7. SOC response teams use best practices to handle threats and can work remotely or on-site.
Adding further cybersecurity layers will help to reduce your attack surface, or vulnerable areas. For example, all of your devices should have a thorough cyber risk assessment. They should also be equipped with trusted and proven endpoint security protection.
Your agency might also consider limiting access to your website using geo-blocking. This allows agencies to block access from certain countries, which helps to prevent nation-state hackers from accessing your systems. For example, if your agency does not interact with Russia, China or North Korea – where many threats originate – you can block those nations from your network.
Training Is Vital
Good security awareness training can reduce the occurrence of risky behavior, like clicking on attachments without first checking to ensure they are safe. Security awareness training will also help prevent associates from visiting unsafe websites which may have malware.
One of the strongest defenses is to think like an attacker. Cybercriminals look for vulnerabilities in law enforcement systems, so your agency should look for them too. Penetration tests simulate attacks, using the same techniques as hackers to uncover and address security gaps.
The cybersecurity landscape in 2025 presents significant challenges for US law enforcement agencies. The rise in sophisticated ransomware and other cyberattacks underscores the need for robust security measures. A combination of employee training and AI-backed solutions plays a crucial role in safeguarding public safety systems.
Carl Mazzanti is president of eMazzanti Technologies (emazzanti.net) in Hoboken, NJ, providing IT consulting services for businesses ranging from home offices to multinational corporations, municipalities and police departments.
