NASHVILLE, Tenn. (WKRN) — Imagine losing $1.6 million to a stranger with little to no chance of ever catching the thief. That’s the reality and unfortunately the average amount cybercriminals are stealing and it is devastating to local entities, often to the point of financial ruin.

The Tennessee Comptroller of the Treasury plays a big role in keeping these municipalities safe. The comptroller’s office has a wide range of responsibilities, including annual audits of state agencies, colleges, universities and local governments in Tennessee.

“As long as there have been computers there’s been those bad apples out there that have wanted to gain unauthorized access to computer systems,” said Jim Arnette, Director of the Division of Local Government Audit. “These bad apples want to disrupt your operations they want to get your data and they want to steal your money.”

The state comptroller’s primary role related to cybersecurity involves state and local government entities, two of the biggest targets for ransomware attacks.

Tech Republic found municipal governments were subject to 45% of ransomware attacks in the past 12 months, and the other two sectors leading were healthcare with 22%, and education with 15%

The report also cites an increase in the demands of ransomware attackers, with the average payment in the past 12 months being $1,652,666, leaving many victims unable to financially recover.

“A lot of the ransomware you’re seeing today is not only requiring a ransom to get access to your data but it’s also requiring a ransom to keep that cybercriminal from releasing data to the public,” said Arnette.

Ransomware is a virus on your computer that will typically send you a message to let you know your data has been locked or encrypted. It will often require you to pay ransom in order to gain access to your own data.

In recent years, several Tennessee cities have fallen victim to phishing and ransomware attacks, with the Tennessee Comptroller’s Office launching COT Cyber Aware, a new initiative to educate and inform local government employees about cybersecurity.

The COT Cyber Aware website includes many resources to help local government officials protect their computer systems and educate staff about potential threats. The Comptroller’s Office is also able to provide in-person training for Tennessee’s local governments.

“As part of our annual audits, we have a team of IT specialists that will go in and review the controls there in place over a computer system and as part of those review we are making sure that county employees are aware of cyber threats and that they have been working with their software vender or IT personal to identify risks of those associated with attacks,” said Arnette, adding that unfortunately, it’s more about preparation than it is prevention.

“These cyber attacks originate overseas in other countries its very difficult to track down cyber criminals best thing you can do is be prepared as you can to respond to a cyber attack when it does occur,” said Arnette.

Vulnerability and dangers continue to threaten home computers and phones everywhere. See what you need to do to stay safe from ransomware attacks in our Special Reports ‘Cyberattacks Hitting Home’ all day Tuesday on WKRN News 2 in every newscast and on

Four things the Comptroller’s office recommends local governments do when it comes to cybersecurity are as follows:

  1. Make sure staff goes through cyber security awareness training.
  2. Keep virus detection software up to date.
  3. Have a good system back-up in place so you can restore data following an attack.
  4. Purchase cyber security insurance.