LEXINGTON, Ky. — Local governments and agencies are responding to warnings from the FBI that ransomware cyberattacks have the potential to disrupt essential services and business as tensions escalate between the United States and Russia over the invasion of Ukraine.

What You Need To Know

  • Russia's invasion of Ukraine has heightened tensions

  • Cyberattacks feared in response to sanctions

  • Local governments and businesses receive warning from the FBI

  • Lexington and Louisville have plans in place

FBI cybersecurity official David Ring told business and local government leaders this week that there is no specific credible threat but as the U.S. tightens sanctions against Russia, a cyber threat response in retaliation is possible.

About 74% of all money made through ransomware attacks in 2021 went to Russia-linked hackers. Researchers say more than $400 million worth of crypto-currency payments went to groups “highly likely to be affiliated with Russia,” according to a report by the BBC.

Susan Straub, director of communications for the office of Lexington Mayor Linda Gorton said the city has been advised by Homeland Security to implement the “Shields Up” initiative, which is a recommendation by the Cybersecurity and Infrastructure Security Agency (CISA) that all organizations adopt a heightened posture for cybersecurity and protecting their most critical assets.

“CISA, the FBI and National Security Agency encourage the cybersecurity community — especially critical infrastructure network defenders — to adopt a heightened state of awareness, conduct proactive threat hunting, and implement the mitigations identified in the joint Cybersecurity Advisory,” according to a press release about Shields Up. “CISA recommends network defenders review CISA's Russia Cyber Threat Overview and Advisories page for more information on Russian state-sponsored malicious cyber activity. CISA recommends critical infrastructure leaders review CISA Insights: Preparing For and Mitigating Potential Cyber Threats for steps to proactively strengthen their organization’s operational resiliency against sophisticated threat actors, including nation-states and their proxies.”

Chris Seidt, director of information technology for the Louisville Metro Government, said most cyberattacks lead to some sort of disruption.

“Certainly cyber warfare is a thing countries probably have to be aware of,” he said. “It can disrupt not just city operations but also affect the supply chain or services citizens need, maybe delivered by the city or by private businesses, so there are definitely ways to cause chaos. Ask the people in Atlanta that tried to pay their water bill for four months after they experienced a ransomware attack a few years ago. It's very disruptive.”

Seidt added that any time ransomware hits an organization, there's probably going to be some prolonged impact.

“There are nation-state actors that have very robust hacking teams that are highly skilled, and certainly Russia falls into that wheelhouse of being highly skilled at infiltrating other systems,” he said. “I think we’re all just on heightened awareness not for any particular threat, but just heightened alert overall and looking for anomalies, because the one thing a good hacker will do is pivot through other systems they've already compromised. You can't just count on the attack coming straight to you from a known bad actor. A lot of times, they'll compromise a different organization or come from a different path that you weren't expecting. So we just tried to stay diligent and keep an eye on things the best we can.” 

Aside from a few malware-tainted emails being opened, Seidt said the city of Louisville has not been the victim of any ransomware attacks, but it is not for the lack of trying.

“We have had no kind of experience with ransomware, but our security team identifies attempts to get into our network regularly,” he said. “We're always adapting and defending against that.” 

Seidt added the FBI not only suggested governments, agencies and organizations be on heightened alert but also passed on indicators of compromise, such as known malicious IP addresses and file names so the city could tune its defense systems to prepare for them.

The FBI report also called on the U.S. private sector to be prepared for potential state-sponsored cyberattacks to be launched by Russia. The Liaison Information Report (LIR) from Feb. 20 was attributed to the FBI Office of Private Sector.

“The FBI Cyber Division, in coordination with the FBI's Office of Private Sector (OPS), prepared this LIR to inform the private sector about the threat of Russian state-sponsored advanced persistent threat (APT) cyber activities, while tensions with Russia are heightened,” according to the report. “The FBI is engaging in efforts to support the U.S. response and to secure the homeland from any Russian actions; historically, Russian state-sponsored APT cyber activities increase when tensions are high with Russia.”