City after city is taking the sucker punch in public coffers. You would think that your local government would be more aware of the dangers of ransomware and be more prepared to block it. That they would have a plan to recover from an attack. Not so. Hackers are having ball taking your tax dollars from cities and counties that fail to implement adequate cyber security measures. The result is millions of dollars in damage and millions more to pay off the hackers.
Did you hear about the ransomware the hit the City of Atlanta? Or how about the City of Baltimore…twice! And those are just two of the big cities this year. Last year it was Denver CO., and Washington, D.C. And the list just goes on and on. City after city paying good tax payer money to hackers. Why does this keep happening?
First of all there is the simple reason of being unprepared and unaware of the threat. Which is no excuse. Baltimore was hit twice by hackers in a year! This cost the city over $20 million dollars. What did they learn from the first attack? No enough obviously.
Most cyber attacks can be traced back to poor cyber security training more than a technology failure. In many cases its the employee that launches the ransomware attack by clicking on something they shouldn’t. Usually email links or attachments. Humans are the weakest link in the cyber security chain.
In the case of Lake City, FL a ransomware attack cost the city over $400,000 in Bitcoin to get back their files. The city fired the Director of IT after an employee downloaded an infected document from an email. The ransomware infected the city’s computer network making it useless. The city paid the hackers and are in the process of getting back to normal.
Another reason that cities end up paying the hacker is because they fail to have adequate back up. Data is precious and the hackers know it. Cities that fail to back up their data are helpless once they get hit. Many say that do not have a budget for back up storage. Well you can bet that Lake City will have a budget for IT security and back up very soon.
Budgetary constraints are a common problem in many municipalities. The sad fact is that these cities cannot afford not to have a cyber security budget.
Another issue is the cost of cyber insurance vs. cost of recovery vs. paying the hackers. If the hackers control millions of dollars of data after an attack and are only asking for a few hundred thousand dollars then the math is simple. Even the annual cost of cyber insurance maybe more than paying the hackers. There have even been reports that some cities have an emergency budget of bitcoins just in case they are hit by an attack. Good thinking? I’ll let you decide.
Another interesting facet of the problem as reported by ProPublica is that some forensics firms, claiming to break the grip of a ransomware attack, are really just paying the ransom and passing the cost onto their customers.
If you think the problem is solved after paying the ransom you’re wrong. Depending on how merciful or mean the hacker is you may get the decryption key, you may not., Sometimes the hackers ask for more money or simply disappear. leaving you with nothing but a locked up computer network.
The FBI has some advice in case you get hit by ransomware. Hackers are getting rich by attacking municipal networks. Paying them just validates the business model and the attacks continue. Whether you pay or not is completely the up to the company or city. Its not unheard of for the hacker to attack the same target twice.
“After systems have been compromised, whether to pay a ransom is a serious decision, requiring the evaluation of all options to protect shareholders, employees and customers,” the FBI says. “Victims will want to evaluate the technical feasibility, timeliness and cost of restarting systems from backup.”
Breaking It Down
Why do cities keep getting sucker punched by hackers? Because they are willfully ignorant of the dangers they face. I would bet that many cities do not believe they will get hit or believe that they are safe. But these same cities have not reviewed their cyber security posture in sometime. They fail to train employees. Why? They won’t spend the money. They do not have employees with the proper skillset. Why? They won’t spend the money. They don’t to have data backed upped or an incident recovery plan in place. Why? They won’t spend the money. Some municipalities leadership, maybe your city leadership, all have the same problem. They are blind to the threat. They don’t want to spend the money. They don’t seek the answer before the question is asked; is your network secure? They better hope its not a hacker asking the question.
