Cyberattacks on Government Skyrocketed in 2021

Over the past several years, cybersecurity researchers (including those at SonicWall) have noted a growing shift away from the “spray-and-pray” tactics that dominated much of the past decade, to a more targeted “big-game hunting” approach.

We’ve seen the effects of this strategic transition for a little while, as attackers have increasingly looked for targets that would cause the most disruption, that would have the most valuable information, and so on. And accordingly, in 2021 cybercriminals focused a lot of their attention on local, state and federal governments.

The year’s headlines offered snapshots of this trend, as threat actors launched attacks on a diverse set of targets including the governments of Indonesia and Israel, India’s prime minister, Belgium’s ministry of defense, Australia’s government-owned telecommunications systems, and multiple U.S. defense firms.

But a look at the exclusive threat data from the 2022 SonicWall Cyber Threat Report tells a larger picture about when, how and how much government customers are being targeted as compared with those in other industries.


In 2021, global ransomware volume skyrocketed, rising 105% year over year. But while “The Year of Ransomware” spared no country, region or industry, the stats were particularly grim for those in government. Ransomware attempts among government customers rose a staggering 1,885% — more than double the increase seen in healthcare (+755%), education (152%) and retail (21%) combined.


For 2020 to 2021, global malware — affecting all customers across all regions and industries — fell 4%. But among government customers, malware actually increased 94%. The percentage of SonicWall customers targeted further highlights this rise: Each month, an average of 19.6% of government customers saw a malware attempt.

Government devices were increasingly attacked last year, as well. In 2021, IoT malware increased 6% globally — but among government customers, these attacks spiked 46%. Government customers were second only to those in education in terms of how likely they were to see an attempted attack, with an average of roughly 9% of customers targeted by IoT malware each month.


Unfortunately, IoT malware attacks aren’t the only way that cybercriminals leverage government customers’ devices against them. Cryptojacking, a type of attack in which cybercriminals use a victim’s device to mine cryptocurrency without their knowledge or consent, also spiked last year, buoyed by record-high cryptocurrency prices.

Global cryptojacking volume in 2021 jumped 19% year-over-year, reaching the highest point ever recorded by SonicWall Capture Labs threat researchers. But this jump disproportionately affected those involved in government: Cryptojacking attempts on government customers rose 709% in 2021.

Governments Fight Back

But as cyberattacks on government continued to increase in 2021, efforts at the state, federal and local level increasingly turned to strengthening defenses . At least 45 U.S. states considered their own cybersecurity bills in 2021, up 18% from 2020. And many of their cybersecurity efforts were bolstered by the passage of a historic U.S. infrastructure bill in November 2021, which included $1 billion for state, local, tribal and territorial cybersecurity.

Advances were made at the federal level, as well. U.S. President Joe Biden signed an executive order in May 2021 aimed at modernizing the government’s response to cyberattacks, joining Japan, Australia, Germany and countless other countries in passing measures to improve national security in 2021.

Biden reiterated his commitment to cybersecurity, particularly concerning the nation’s infrastructure, in a statement last week:

“From day one, my administration has worked to strengthen our national cyberdefenses, mandating extensive cybersecurity measures for the federal government and those critical infrastructure setors where we have authority to do so, and creating innovative public-private partnerships and initiatives to enhance cybersecurity across all our critical infrastructure.

“My administration will continue to use every tool to deter, disrupt and, if necessary, respond to cyberattacks against critical infrastructure,” Biden said.

As part of the United States’ increased focus on cybersecurity, the Department of Justice in June announced the formation of its Ransomware and Digital Extortion Task Force, increasing the resources and personnel available for pursuing cybercriminals. As a result of the efforts made by this task force and other enforcement agencies, members of the REvil ransomware gang, the Trickbot group, the DarkSide ransomware group and more were brought to justice in 2021.

Ransomware Infects 23 Texas Government Agencies

The Texas Department of Information Resources (DIR) announced that 20-plus state agencies have been infected by ransomware.

In an Aug. 17 update, DIR stated that “the evidence gathered indicates the attacks came from one single threat actor” and “investigations into the origin of this attack are ongoing; however, response and recovery are the priority at this time.”

“Ransomware is not going to subside anytime soon,” said SonicWall President and CEO Bill Conner. “It’s too easy to demand and receive ransom payment without the risks associated with traditional data exfiltration. Until organizations are serious about ransomware protection, these types of wide-reaching ransomware attacks will, unfortunately, continue.”

According to ZDnet, the “infection is blamed on strain of ransomware known only as the .JSE ransomware.”

Texas is hardly the first state to be the victim of coordinated attacks against municipalities. The last 12 months have seen ransomware attacks bring city services to a halt, including those in Arizona, Florida, Georgia, Indiana, Maryland, Nevada, New York and more.

Ransomware escalates again

Ransomware continues to be one of the most lucrative cyberattack options for criminals. According to the mid-year update of the 2019 SonicWall Cyber Threat Report, ransomware volume raced to 110.9 million in the first half of 2019 — 15% year-to-date increase over 2018.

Exclusive SonicWall data highlights an escalation in ransomware-as-a-service (RaaS) and open-source malware kits in the first half of 2019. As more RaaS and open-source options are available, the volume and ferocity of ransomware attacks will only increase.

RaaS is no different than any legitimate cloud-hosted service used by businesses every day. Instead of buying software, criminals subscribe to a service delivery model to reduce CapEx, always have the latest ransomware offerings, gain predictable pricing and receive support. While there are only so many bona fide malware authors creating new ransomware, these services will ensure cybercriminals have plenty of variants to purchase or obtain freely on the Dark Web.

Bill Conner: We Need a ‘Single, Comprehensive National Cybersecurity Strategy’

Some call him vocal. Others say he has passion.

But no matter your preferred adjective, there’s no mistaking Bill Conner’s unwavering commitment toward improving cybersecurity policy in the U.S.

After witnessing a year of high-profile breaches and a number of well-intentioned strategies, Conner penned a new opinion piece for The Hill, “Two cybersecurity policies, one clear new objective,” which outlines next steps for policymakers.

Conner, SonicWall’s president and CEO, applauds their direction. But he also feels some parts are disjointed and there should be better focus on integrating the government’s newest pair of policies: the National Institute of Standards and Technology (NIST) Small Business Cybersecurity Act and the National Cyber Strategy of the United States of America.

“What we have learned from the numerous breaches in the public and private sectors is that the foundation of the internet is a digital supply chain that must be defended from end to end …”

Bill Conner
SonicWall President & CEO

“What we have learned from the numerous breaches in the public and private sectors is that the foundation of the internet is a digital supply chain that must be defended from end to end; the smallest player has proven to be an effective entry point for mischief,” Conner outlined on The Hill.

The digital supply chain isn’t discussed enough. Business isn’t conducted in disparate networks or environments. Organizations big and small are virtually linked through contracts, partnerships, agreements and an untold number of networks. This means that cybercriminals can attack smaller organizations to gain lateral access to their true targets — often large enterprises or government agencies.

“To deliver robust, cost-effective cybersecurity strategies for small- and medium-sized businesses (SMB), enterprises and government agencies, we must align both sets of guidelines to create a single, comprehensive national cybersecurity strategy,” said Conner, who co-chaired the Corporate Governance Task Force of the U.S. Department of Homeland Security National Cybersecurity Partnership, helped unveil the INTERPOL Global Smart eID Card and addressed the United Nations on global challenges in cybercrime.

To move toward that objective, Conner prescribed three key transformations for the U.S. government, which are outlined in his featured commentary on The Hill.

IT Security Done Right Enables State and Local Governments

News reports about new data breaches have become an all too frequent occurrence.  But cyber attacks can’t and don’t stop state and local governments from getting on with the business of governing. It’s easy to fall into a state of paralytic fear about attacks and data breaches, but in the meantime, state and local governments need to deliver the services their citizens rely upon, and continue to leverage technology to expand and improve those services.

If IT security is viewed as a defense mechanism by government, and even by security professionals themselves, government doesn’t work at well as it needs to.  A more productive attitude is to view security as an enabler of ongoing and new information technology efforts, providing a secure foundation for governments to take advantage of new technologies, provide employees and citizens with the ability to access the services they need from any device, and most importantly, streamline and improve those services.

In other words, we at SonicWall want to help state and local government IT security to become the Department of Yes. Making this change in viewpoint, doing security the right way, is the subject of the Government Computer News article, Take a Positive Approach to Security.

In the article, SonicWall’s Ken Dang goes into detail on how to accomplish this. Improving protection of government assets needs to be coupled with improving legitimate access to resources, which in turn improves efficiency, a key consideration for resource-constrained IT departments. Ken discusses a contextual approach to access, in which requests are evaluated based on a case by case basis, with the particular user’s specific requests placed in the context of the time and place of the request itself.

For the contextual approach to be effective, access information needs to be shared among all the different security devices and solutions throughout the government’s IT.  It’s important to have the proper tools to do this – which we’re happy to provide –but it requires breaking down organizational silos, getting people used to the idea that security is done better when the groups responsible for the many different aspects of security cooperate and communicate.

Contextual security particularly mandates this relationship when it comes to networks and user identities. Without transparency and full awareness between the two, the opportunity to improve overall security posture becomes a lost opportunity. But when government IT embraces that transparency and awareness, and leverages its capabilities by inspecting every packet on the network, even encrypted packets (which bear an increasing share of attack exploits) – that’s the path to security done right.

Add up all the above, couple it with our cost-effective, easy to install, SonicWall next-generation firewalls and other network security solutions, and IT security for state and local governments moves away from being an obstacle and towards being an enabler of better, more effective and responsive government.