Ransomware seen as possible saboteur in November election
Ransomware attacks targeting state and local governments have been on the rise.
WASHINGTON — Federal authorities say one of the gravest threats to the November election is a well-timed ransomware attack that could paralyze voting operations. The threat isn’t just from foreign governments, but any fortune-seeking criminal.
Ransomware attacks targeting state and local governments have been on the rise, with cybercriminals seeking quick money by seizing data and holding it hostage until they get paid. The fear is such attacks could affect voting systems directly or even indirectly, by infecting broader government networks that include electoral databases.
Even if a ransomware attack fails to disrupt elections, it could rattle confidence in the vote.
On the spectrum of threats from the fantastical to the more probable, experts and officials say ransomware is a particularly realistic possibility because the attacks are already so pervasive and lucrative. The FBI and Department of Homeland Security have issued advisories to local governments, including recommendations for preventing attacks.
“From the standpoint of confidence in the system, I think it is much easier to disrupt a network and prevent it from operating than it is to change votes,” said Adam Hickey, a Justice Department deputy assistant attorney general.
The scenario is relatively simple: Plant malware on multiple networks that affect voter registration databases and activate it just before an election. Or target vote-reporting and tabulation systems.
“With the 2020 election, election infrastructure has a target on its back,” Colorado Secretary of State Jena Griswold said. “We know that election infrastructure was attempted to be undermined in 2016, and we know the techniques are shifting.”
The number of attacks has escalated in recent years, with targets including Texas’ transportation agency and city computers in New Orleans. A December report by cybersecurity firm Emsisoft tracked attacks against at least 966 entities that interrupted 911 services, rendered medical records inaccessible and hindered police background checks.
“We’re seeing state and local entities targeted with ransomware on a near daily basis,” said Geoff Hale, a top election security official with Homeland Security’s Cybersecurity and Infrastructure Security Agency.
Steps taken to improve security of voter registration systems after the 2016 election could help governments fend off election-related ransomware attacks. They’ve also acted to ensure they can recover quickly in the event of an attack.
Colorado, for example, stores redundant versions of its voter registration data at two separate secure locations so officials can easily shift operations. Backups are regular so the system can be quickly rebuilt if needed.
Even so, ransomware is an added concern for election officials confronting staffing and budget constraints while preparing for a shift from in-person voting to absentee balloting because of the pandemic.