Ransomware Fallout: Jackson County Missouri Declares State of Emergency


April 3, 2024

World map

Jackson County, Missouri, Executive Frank White Jr. issued an executive order declaring a state of emergency and closed agency offices indefinitely in response to a ransomware attack.

Disrupted systems include those administering tax payments, marriage licenses, property tax assessments, and the county jail inmate search system.  

"We are currently in the early stages of our diagnostic procedures, working closely with our cybersecurity partners to thoroughly explore all possibilities and identify the root cause of the situation. While the investigation considers ransomware as a potential cause, comprehensive analyses are underway to confirm the exact nature of the disruption,” Ars Technica reports officials as stating.

"It is directed that all county staff are to take whatever steps are necessary to protect resident data, county assets, and continue essential services, thereby mitigating the impact of this potential ransomware attack."  

Takeaway: For the most part, ransomware operators are financially motivated, trying to cause as much pain, frustration, and publicity as possible because it translates into more dollars in their pockets through higher ransom demands.

But when the targets are the government, healthcare providers, or other critical infrastructure providers, we also cannot discount the potential dual nature of some ransomware attacks.

In this scenario, while the attackers may appear on surface to merely be serving themselves from a financial perspective, the targets selected may also further a larger geopolitical strategy for adversarial nations with established ties to the attackers.

The fact that ransomware attacks are considered as cybercriminal activity provides a convenient level of plausible deniability when the attacks are also serving a larger geopolitical strategy for a rogue regime like Russia.

We know that a good portion of ransomware operators participate in nation-state sponsored attacks in addition to their cybercriminal operations. There is also a good deal of evidence that nations like Russia may be influencing (or directly controlling in some cases) the targets that ransomware operators select (or do not select in some cases).

In this context, we can assess that while attacks like the one against Jackson County and similar attacks on dozens of other state and local governments were likely financially motivated, the attacks may also serve a dual purpose by furthering Russian geopolitical objectives – namely causing chaos and doubt in the US.

This is why it is imperative that the US government and allied nations who are the targets of these attacks need to differentiate a good portion of these attacks by classify them as nation-state sponsored terrorist acts.

Executive Order 13224 seems to be clearly applicable to some ransomware attacks, especially those against healthcare and other critical infrastructure providers:

“For the purpose of the Order, “terrorism” is defined to be an activity that (1) involves a violent act or an act dangerous to human life, property, or infrastructure; and (2) appears to be intended to intimidate or coerce a civilian population; to influence the policy of a government by intimidation or coercion; or to affect the conduct of a government by mass destruction, assassination, kidnapping, or hostage-taking.”

If we call these attacks what they are – terrorist attacks meant to instill fear and further geopolitical goals – then we unlock a whole range of new options for both offensive cyber and traditional military responses.

Ransomware attacks against critical infrastructure are a form of terrorism in and of themselves, and the fact that many of the attacks are so closely related to the geopolitical interests of adversarial nations like Russia means we can no longer address these attacks as merely criminal matters.

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.