According to an intelligence report issued by the Department of Homeland Security, one of the top 2020 election security concerns is ransomware. A report entitled “Cybercriminals and Criminal Hackers Capable of Disrupting Election Infrastructure”, echos concerns CISA head Chris Krebs articulate at the Black Hat security conference in early August. According to the report, the weeks leading up to the election are likely to be the highest risk for ransomware attacks:

“We assess that cybercriminals likely would have the greatest impact on election infrastructure by using ransomware to prevent access to state and local networks up to two weeks before the election, potentially disrupting election-related computers connected to affected networks. We base this assessment on the impact of ransomware on election-related local networks, the average network downtime caused by this malware, and the increase in such attacks against state and local government networks. Due to the interconnectedness of many state and local government networks, cybercriminals also may inadvertently disrupt portions of the elections infrastructure while targeting other areas of a network.

• Unidentified cyber actors in April 2020 used ransomware to compromise and exfiltrate over 2GB of data from the computers of a Virginia county administrator and voter registrar, requiring 30 bitcoin (~ $277,000 as of July 2020) to decrypt the files, according to FBI reporting.
• A ransomware attack against an Oregon county in January 2020 infected 45 servers and 50 workstations on its computer network, impacting the main file share server as well as the county’s short-term backup, according to FBI case information. The attack prevented voter registration personnel from conducting any actions requiring access because the internal network was taken offline for remediation.
• Ransomware caused an average downtime for impacted networks of 16.2 days in the fourth quarter of 2019, an increase from 12.1 days for the third quarter of 2019, according to an online article from a cyber company that tracks ransomware attacks. Atlanta’s government network still had a third of its 424 software programs offline or potentially inoperable three months after a March 2018 ransomware attack, according to a news site.
• Ransomware attacks in 2019 against state and local governments increased 153 percent compared to 2018, according to a Multi-State Information Sharing and Analysis Center report.”

The report further establishes Russia as a potential top adversary for the election.

“The US Government in December 2019 indicted and imposed sanctions on a Russian and a Ukrainian national for ransomware attacks against US entities, according to a Department of Justice indictment and a Department of Treasury press statement. The Department of the Treasury identified the Russian national as having worked for the Russian Federal Security Service (FSB). The Department of Justice in 2017 indicated two FSB officers and their criminal conspirators for compromising millions of Yahoo e-mail accounts, according to the same sources.”

About the Author

Matt Devost

Matthew G. Devost is the CEO & Co-Founder of OODA LLC. Matt is a technologist, entrepreneur, and international security expert specializing in counterterrorism, critical infrastructure protection, intelligence, risk management and cyber-security issues. Matt co-founded the cyber security consultancy FusionX from 2010-2017. Matt was President & CEO of the Terrorism Research Center/Total Intel from 1996-2009. For a full bio, please see www.devost.net