US Government Flags 2020 Election Ransomware Threat

Written by

The US government is looking to bolster protection for voter registration databases ahead of the 2020 Presidential election, fearing state-sponsored ransomware attacks, according to reports.

An unnamed official told Reuters that dynamic lists of eligible voters are a “high risk” for attack as they’re one of the few pieces of election infrastructure regularly connected to the internet.

They were also probed by Russian hackers en masse in the years preceding the previous election.

A Senate report out last month claimed that Kremlin hackers had most likely infiltrated voting systems in all 50 states but that local state officials were not sufficiently pre-warned or given the resources needed to deal with sophisticated attacks.

It warned that if Russia’s preferred candidate fails to prevail in 2020, hackers could seek to de-legitimize the result.

Election officials are concerned that ransomware could be spread to lock down the vital lists which are used to check eligibility of voters. As these are regularly updated throughout the year, incomplete lists could disenfranchise potentially large numbers of voters, casting doubt on the result of the poll.

Ransomware has been used by Russia before, in the NotPetya attack of June 2017 in which Ukrainian government institutions were targeted. That particular strain wasn’t technically ransomware at all, however, as victims had no chance to get their data back.

“Recent history has shown that state and county governments and those who support them are targets for ransomware attacks,” Christopher Krebs, director of the Cybersecurity Infrastructure Security Agency (CISA), told Reuters. “That is why we are working alongside election officials and their private sector partners to help protect their databases and respond to possible ransomware attacks.”

The news comes after months of successful ransomware attacks on US cities, including Baltimore, Atlanta, several in Florida and most recently 23 local government entities in Texas.

What’s hot on Infosecurity Magazine?