Cybersecurity experts have termed the year 2019 the 'the year of ransomware attacks on municipalities.' Researchers have observed that in 2019, at least 174 municipal institutions, with more than 3,000 subset organisations, were targeted by ransomware, representing a 60 per cent increase from the last year's figure.

Researchers reveal that ransomware demands would sometimes reach up to $5,000,000 but actual costs and damages sustained during attacks are estimated to be larger.

Researchers also found out that in 2019, India was among the top five countries targeted by ransomware. The malware that was most often cited as a culprit belongs to three families namely Ryuk, Purga and Stop. India was attacked by all three groups of ransomware and was targeted 5.84 per cent by Ryuk, 0.80 per cent by Purga and 10.10 per cent by Stop.

The year 2019 has also seen the rapid development in malware distributors targeting municipal organisations. Researchers note that while these targets might be less capable of paying a large ransom, they are more likely to agree to cybercriminals’ demands.

Issues with blocking municipal services are that in some cases, it affects the welfare of citizens and results, both financially and socially.

The ransom amounts reach up to $5,300,000 and $1,032,460 on average, the researchers note that these figures do not accurately represent the final costs of an attack, as the long-term consequences are 'far more devastating.'

"One must always keep in mind that paying extortionists is a short-term solution which only encourages criminals and keeps them funded to quite possibly return," says Fedor Sinitsyn, a security researcher at Kaspersky.

"In addition, once the city has been attacked, the whole infrastructure is compromised and requires an incident investigation and a thorough audit."

"However the better approach would be also investing in proactive measures like proven security and backup solutions as well as regular security audit," Sinitsyn added.

A recent ransomware incident in New Jersy highlights the severity of ransomware cyber-attacks that target government critical infrastructures include hospitals and medical facilities. Hackensack Meridian Health in New Jersey fell prey to a deadly ransomware attack. However, the details of the incident were disclosed a week after the attack.

The Hackensack Meridian Health, which happens to be the largest hospital system in New Jersy, decided to pay attackers' ransom demands to regain control over its system and avoid putting the lives of patients to risk by delaying care and treatment.