As I write this, there have been 54 publicly reported ransomware attacks against state and local governments around the world in 2024. The publicly reported part is important because the real number, as always, is likely much higher.

On the surface, this seems like good news. In all of 2023 there were 256 publicly reported attacks on state and local governments, so extrapolating first quarter numbers we should end the year at 216, a drop from 2023.

My concern is with the way the attacks have been accelerating in 2024. Take a look at Figure 1. We’ve seen a steep incline in the number of attacks, and we are seeing that incline earlier than in previous years. While January started off relatively slow with 13 attacks, we saw 19 in February and 22 so far in March (there is often a delay in reporting, so we’ll likely see March’s numbers trending up.

In particular, February and March’s numbers are worrying because they represent the highest and second highest numbers, respectively, recorded in those months (see Figure 2).

This likely indicates that we are in a rough year for ransomware attacks on State / Local / Tribal governments, combined with the added threats from an election year could mean an all out assault on local governments worldwide.

And, as Figure 3 demonstrates, it isn’t just one group. The 54+ attacks have been carried out by 20+ different groups. So, there is a lot of attention being paid to local governments by many ransomware groups.

CISA and other government agencies are working to help shore up defenses of local and tribal governments, but it may not be enough.