As if they didn’t have enough issues facing them, states, counties and municipalities face another major worry — having their computer systems hacked and held for ransom.

It’s been happening all over the country, and the scary part about it is that it can happen to any community, regardless of size.

Locally, the city of Allentown’s computer system was victimized by destructive malware called Emotet, and it cost more than $1.2 million to fix the problem.

In July, Luzerne County hired Sylint, a Florida-based managed security services provider to help recover from a malware attack that hobbled the county’s courthouse computers and rendered its property and assessment records inoperative for weeks.

This past May, Baltimore’s computer system was compromised to the tune of about $18 million.

All three refused to pay the attackers’ ransom demands. Two Florida cities did pay earlier this year. Officials in Lake City agreed pay the equivalent of $426,000, while those in Rivera Beach paid $600,000.

The payments or the costs of fixing the damage do not include the disruption and inconvenience to not only officials and their employees but also to taxpayers and those doing business with these governmental entities.

Other communities have paid ransoms, but, as you might imagine, they are reluctant to admit it for fear of having other hackers target them.

These unexpected expenses add to the financial challenges of cash-strapped communities.

At its summer meeting in Hawaii, the U.S. Conference of Mayors agreed not to pay ransom to hackers.

Officials in many communities are reluctant to talk about vulnerability and whether they have or plan to take steps to prevent these devastating types of cyber attacks.

If you think that the danger has passed, you are wrong, because as recently as last month (August), nearly two dozen communities in Texas were infected by ransomware.

Texas officials call this one of the largest coordinated attacks of its kind ever seen in our country.

Many of those affected are small communities that lack their own dedicated information technology security staff or individuals. In some instances, the communities outsource their systems, but, depending on the company or setup, these entities may not have the expertise to respond to such a significant and sophisticated attack.

Barracuda, an information technology firm, released the results of its study of the problem and found that smaller towns are often more vulnerable because they lack the technology or resources to protect against ransomware attacks.

The report said that nearly two-thirds of all publicly known attacks in the nation this year have been aimed at state and local governments.

It said that there have been 55 attacks from Jan. 1 through July 31; this does not include the 22 in Texas in August.

The study found that a quarter of the attacks involved communities of fewer than 15,000 residents, while nearly half were aimed at communities of fewer than 50,000.

While knowledge is power, this problem is far from over. “Will it happen again? It is happening again,” said James Globe of the Center for Internet Security at a conference for state information technology officials last month.

Even when communities get access to their networks again, they are finding that there is a loss of confidence in the ability of their systems to protect sensitive information or to handle basic services such as emergency communications, balloting, water and power.

It was not encouraging to hear Chris Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency say, “The business model for the ransomware operators for the past several years has proved to be successful.”

By Bruce Frassinelli | tneditor@tnonline.com