Ransomware attacks are straining local U.S. governments and public services, the FBI said in a separate statement.
They are the second most vulnerable group behind the academy, based on victim incident reporting to the FBI last year, it says in its report, which was issued on Wednesday.
Referring to an unidentified independent research team commissioned by a UK-based company, the message said that correcting ransomware attacks “often included financial liabilities related to downtime, staff time, unit costs, network costs, lost opportunities and, in some cases, paid ransomware.”
The survey also found that local authorities were least able to prevent encryption and restore from backups and had the second highest percentage of paying ransomware compared to other critical infrastructure sectors.
“The FBI does not encourage payment of ransom,”; which “does not guarantee that files will be restored,” the statement said. It said it encourages local authorities to proactively initiate contingency planning if there is a ransomware attack that makes systems inaccessible.
Its recommendation includes keeping all operating systems and software up to date; implement user training programs and phishing exercises; requires a strong, unique password for all password login accounts; requires multifactor authentication; maintain offline backups of data; ensure that all backed up data is encrypted; secure and monitor remote desktop protocols or other potentially risky services if you use remote desktop protocols; protect cloud storage by backing up to multiple locations; and if you are using a Linux operating system, you are using an in-depth Linux security module.