WWW.INFORMATIONWEEK.COM
Ransomware Attack on Rhode Island Highlights Risk to Government
On Dec. 5, a warning from vendor Deloitte alerted the state government of Rhode Island that RIBridges, its online social services portal, was the potential target of a cyberattack. By Dec. 10, Deloitte confirmed the breach. On Dec. 13, Rhode Island instructed Deloitte to shut down the portal due to the presence of malicious code, according to an alert published by the state government.

Brain Cipher, the group claiming responsibility, is threatening to release the sensitive data stolen in the attack, potentially impacting hundreds of thousands of people, according to The New York Times.

State and local government entities, such as RIBridges, are popular targets for ransomware gangs. They are repositories of valuable data, provide essential services, and are often under-resourced. What do we know about this attack so far and the ongoing cyber risks state and local governments face?

The Brain Cipher Attack

RIBridges manages many of Rhode Island's public benefits programs, such as the Supplemental Nutrition Assistance Program (SNAP), Medicaid, and health insurance purchased on the state's marketplace. Deloitte manages the system and Brain Cipher claims to have attacked Deloitte, BleepingComputer reports.

"We are aware of the claims by the threat actor. Our investigation indicates that the allegations relate to a single client's system, which sits outside of the Deloitte network. No Deloitte systems have been impacted," according to an emailed statement from Deloitte.

The information involved in the breach could include names, addresses, dates of birth and Social Security numbers, as well as certain banking information, according to the RIBridges alert.

Rhode Island Governor Daniel McKee (D) issued a public service announcement urging the state's residents to protect their personal information in the wake of the breach.

"Based on the information that's being put out there by the governor about the steps you can take to minimize the fallout of this, that tells me that they're unlikely to be paying the ransom," says Truman Kain, senior product researcher at managed cybersecurity platform Huntress.

Brain Cipher appears to be a relatively new ransomware gang. "We've tracked five confirmed attacks so far, including this one. Two others have been on government entities as well: one in Indonesia and one in France," Rebecca Moody, head of data research at Comparitech, a tech research website, tells InformationWeek.

In June, the ransomware group hit Indonesia's national data center. It demanded an $8 million ransom, which it ultimately did not receive. In August, it posted Réunion des Musées Nationaux (RMN), a public cultural organization in France, to its data leak site, alleging the theft of 300GB of data, according to Comparitech.

In addition to these confirmed attacks, there are 19 unconfirmed attacks potentially linked to Brain Cipher, according to Moody. It is unclear how much the group may have collected in ransoms thus far.

"It's always really difficult to know when people have paid because, obviously, if they pay they [threat groups] shouldn't really add them to the data leak site, and obviously, companies are very reluctant to tell you if they've paid a ransom because they think it leaves them open to future attack," says Moody.

Ransomware Attacks on Government

Government remains a popular target for threat actors. "They are vulnerable because they are a key service for people, and they can't afford downtime," says Moody. "It is one of the sectors that we've seen a consistently high number of attacks."

Between 2018 and December 2023, a total of 423 ransomware attacks on US government entities resulted in an estimated $860.3 million in downtime, according to Comparitech. For 2024, Comparitech tracked 82 ransomware attacks on US government agencies, up from 79 last year.

Of the 270 respondents in the state and local government sector included in The State of Ransomware in State and Local Government 2024 report from Sophos, just 20% paid the initial ransom demand. States such as Florida, North Carolina, and Tennessee have legislation limiting or even prohibiting public entities from paying ransom demands.

That doesn't necessarily mean threat actors will avoid targeting government entities. Even if a threat group cannot successfully extort a victim, it can still sell stolen data to the highest bidder. "Ransoms are probably higher than what they would get for leaking the data. It depends on how much data is stolen though and the value of that data," says Moody.

Regardless of whether a government agency pays when hit with ransomware, it still must deal with the disruption and fallout.

While cybersecurity threats to local and state governments are highly publicized, funding continues to be a stumbling block. Just 36% of local IT executives report that they have adequate budget to support cybersecurity initiatives, according to the 2023 Local Government Cybersecurity National Survey from Public Technology Institute.

While budgets may be limited, cybersecurity cannot be ignored, Kain argues.

"I think it's kind of an excuse for state and local governments to say, 'Oh, well we just don't have the budget.' So, cybersecurity is an afterthought," he says. "Things should really start from a cybersecurity perspective, especially when you're dealing with sensitive data like this."

State and local government agencies can focus on cybersecurity basics, like enabling multi-factor authentication, regular security awareness training for staff, and vulnerability patching. "It's those key things that don't necessarily cost a lot," says Moody. "Also [be] prepared for the inevitable because no one's immune to them [attacks]."