Illustration: Aïda Amer/Axios

At least 21 state and municipal government agencies in the United States this year were locked out of their own records and computer systems until they paid up, according to data disclosed to Axios by security company Emsisoft.

Why it matters: Ransomware attacks are among the most dangerous cybersecurity risks facing businesses and governments, Brett Callow, a threat analyst with Emsisoft, said. The threats cost the U.S. roughly $7.5 billion last year, the company estimates.

  • They work like this: The attackers encrypt a target organization's files so it is unable to operate computers, email or websites unless they pay.
  • Attackers are upping the danger with a new trend: Stealing their victims' data as leverage for payment, which began at the end of last year, Callow said.

What's happening: Local governments have succumbed to ransomware at a rate of one every other day since the start of 2020, Emsisoft estimates. Those attacks have resulted in interrupted 911 emergency services, closed schools, offline surveillance systems and states unable to issue or renew driver's licenses.

  • Yes, but: Callow said "there has been no noticeable increase at the rates at which governments have been hit," and this year's rate seems to be consistent with last year.
  • Ransomware attacks historically spike from March to May and then peak through the summer months, he said.
  • Emsisoft isn't sure why those spikes happen, but they are "possibly tied to Easter and summer vacation times" when fewer people are handling more emails that could include suspect attachments, Callow said.

Catch up quick: At least 10 police departments were targeted in 2019 and 2020, including the NYPD, reported in November, whose fingerprint database was hit.

  • Other targets reported this year include the Contra Costa County Library in California, the Albany County Airport Authority in New York, the New Mexico Public Regulation Commission, the Ernest N. Morial New Orleans Convention Center, the North Miami Beach Police Department, Belvidere City Hall in Illinois and Volusia County libraries in Florida.
  • In 2019, courts across Georgia had to reenter civil and criminal records because of an attack. They were among 113 government entities targeted, per Emsisoft.

Between the lines: "Organizations usually don't disclose how frequently they're attacked or what they're attacked by," Callow noted. "We only find out about the ransomware cases because they're very hard to hide, because they are so disruptive."

The bottom line: "It used to be said that backups are the best defense against ransomware," Callow said. "But, that's the not the case anymore. Backups obviously don't help you retrieve stolen data."

Go deeper: Choice to pay ransomware might be simpler than you'd think

Go deeper

Updated 3 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 7 p.m. ET: 12,859,834 — Total deaths: 567,123 — Total recoveries — 7,062,085Map.
  2. U.S.: Total confirmed cases as of 7 p.m. ET: 3,297,501— Total deaths: 135,155 — Total recoveries: 1,006,326 — Total tested: 40,282,176Map.
  3. States: Florida smashes single-day record for new coronavirus cases with over 15,000 — NYC reports zero coronavirus deaths for first time since pandemic hit.
  4. Public health: Ex-FDA chief projects "apex" of South's coronavirus curve in 2-3 weeks — Coronavirus testing czar: Lockdowns in hotspots "should be on the table"
  5. Education: Betsy DeVos says schools that don't reopen shouldn't get federal funds — Pelosi accuses Trump of "messing with the health of our children."

Scoop: How the White House is trying to trap leakers

Illustration: Sarah Grillo/Axios

President Trump's chief of staff, Mark Meadows, has told several White House staffers he's fed specific nuggets of information to suspected leakers to see if they pass them on to reporters — a trap that would confirm his suspicions. "Meadows told me he was doing that," said one former White House official. "I don't know if it ever worked."

Why it matters: This hunt for leakers has put some White House staffers on edge, with multiple officials telling Axios that Meadows has been unusually vocal about his tactics. So far, he's caught only one person, for a minor leak.

11 GOP congressional nominees support QAnon conspiracy

Lauren Boebert posing in her restaurant in Rifle, Colorado, on April 24. Photo: Emily Kask/AFP

At least 11 Republican congressional nominees have publicly supported or defended the QAnon conspiracy theory movement or some of its tenets — and more aligned with the movement may still find a way onto ballots this year.

Why it matters: Their progress shows how a fringe online forum built on unsubstantiated claims and flagged as a threat by the FBI is seeking a foothold in the U.S. political mainstream.