Last year, it was Atlanta that was brought to its knees by a ransomware attack, sending the city reeling for weeks. This year, it was Baltimore’s turn. But the ranks of municipal ransomware victims now look very different.
These are some of the American cities to fall victim to ransomware attacks over the past several months:
- LaPorte County, Indiana
- Jackson County, Georgia
- Riviera Beach, Florida
- Lake City, Florida
- Vigo County, Indiana
- Augusta, Maine
Have you ever heard of any of those places? Perhaps you’ve heard of one or two, but what do they all have in common? They are relatively obscure, non-marquee destinations.
According to the US Conference of Mayors, ransomware attacks have hit at least 170 county, city, or state government systems since 2013, and 22 of those attacks occurred in the first half of 2019.
Smaller cities are particularly vulnerable
Martin Minnich, professor and California Cybersecurity Institute Program Manager at California Polytechnic State University-San Luis Obispo, tells Smarter MSP there’s a reason why these smaller cities are attractive targets. Big cities typically have the skills and the teams in place to ward off such attacks.
“Smaller municipalities do not have a shortage of skilled personnel, but they are so busy with day-to-day triage, that they may fall behind on patching and other preventative maintenance,” details Minnich.
Another interesting and troubling trend: ransom demands are getting higher despite the targets being smaller.
There was outrage in Atlanta last year over the attackers’ demands for $67,000. That, however, is chump change compared to the $400,000 that Jackson County forked over to get their systems up and running.
Jackson County manager Kevin Poe told a local Georgia newspaper, “We had to make a decision on whether to pay. We could have been down for months and spent as much or more money trying to get our system rebuilt.”
That is exactly what hackers are (literally) banking on. They are demanding sums high enough to make the operation very lucrative, but low enough that cities will just pay rather than hassle with trying to clean up the mess themselves.
While Minnich is not a fan of cities paying the ransom (“It just encourages bad behavior.”), he also adds that if 911 services are down for days or weeks, just paying might be your best option.
“$400,000 may be a discount,” concedes Minnich.
Minnich’s advice for cities that use managed service providers to maintain their networks is to modify their contracts to cover beefed-up cybersecurity.
“Everyone is looking for the best value and lowest price,” states Minnich.
In addition to tailoring service contracts to cover security, there needs to be a more muscular federal response to the spate of municipal ransomware demands.
“There needs to be a national conversation,” says Minnich, as many of the efforts now are piecemeal and patchwork, relegated to vendor-specific and state-specific solutions.
Protect core functions
Minnich notes that municipalities and their MSPs need to work together to identify their core, mission-critical functions and allocate the most security dollars to protecting those. No need to give dog license information the same protection as clean water and 911 services. Partition off the most critical data and functions and keep all city employees in good cyber hygiene.
“Let your team do what they need to do so they can protect core functions,” instructs Minnich. If something is unprotected, a patch outdated, or a firewall not degraded, “they will find it,” says Minnich of the hackers who are constantly probing for weaknesses.
Many of the attacks are originating from Eastern Europe. Ryuk and RobbinHood seem to have displaced WannaCry and others as the tool of choice at the moment. Ryuk is what wreaked havoc in Jackson County, Georgia.
Despite all the efforts to thwart attacks, Minnich is not overly optimistic in the short term.
“It will get worse before it gets better because it is working for the hackers. As long as it is working, they’ll continue to do it,” predicts Minnich. While cities have proven to be attractive targets, corporations have been quietly battling this for years.
“Make no mistake about it, this is happening to corporations and not being reported. This is happening globally, and there is a lot of money being moved around,” explains Minnich.