Security researchers have warned municipalities repeatedly about how they are being targeted with ransomware, that they are at high risk, and the need to make data security a high priority.

Municipalities are unfortunately only taking heed now that recent ransomware campaigns are in the news and bringing some municipalities to their knees [view related posts here and here].

All municipalities should be on high alert as the ransomware attacks are coming hard and fast. It doesn’t matter what size the municipality is or in which state it is located. Except that Florida municipalities were hit the hardest last week.

The city council in Riviera Beach, Florida unanimously voted to pay hackers $600,000 last week to recover records from a ransomware attack. It also agreed to spend close to $1 million on new computers and hardware.

This week, the Lake City, Florida mayor announced that it would pay hackers $460,000 to get its data back from intruders. The mayor said, “I would’ve never dreamed this could’ve happened, especially in a small town like this.” In fact, that type of municipality is an especially ripe target for hackers. Both incidents were caused by an employee who clicked on a phishing email that introduced the ransomware into the municipality’s system. Old tricks—new victims.

Municipalities complain that they don’t have sufficient resources to shore up and prioritize data security. With the recent high ransom requests and the cost of mitigating computer systems following an incident (it is reported that Baltimore spent over $10 million to recover from its ransomware attack), city councils and other governing bodies may wish to revisit the budget for data security before getting hit with a ransomware attack.