Ransomware: Cities Keep Getting Sucker Punched!

Published On July 16, 2019 | By Tom Huskerson | News and Analysis

City after city is taking the sucker punch in public coffers. You would think that your local government would be more aware of the dangers of ransomware and be more prepared to block it. That they would have a plan to recover from an attack. Not so. Hackers are having ball taking your tax dollars from cities and counties that fail to implement adequate cyber security measures. The result is millions of dollars in damage and millions more to pay off the hackers.

Did you hear about the ransomware the hit the City of Atlanta? Or how about the City of Baltimore…twice! And those are just two of the big cities this year. Last year it was Denver CO., and Washington, D.C. And the list just goes on and on. City after city paying good tax payer money to hackers. Why does this keep happening?

First of all there is the simple reason of being unprepared and unaware of the threat. Which is no excuse. Baltimore was hit twice by hackers in a year! This cost the city over $20 million dollars. What did they learn from the first attack? No enough obviously.

Most cyber attacks can be traced back to poor cyber security training more than a technology failure. In many cases its the employee that launches the ransomware attack by clicking on something they shouldn’t. Usually email links or attachments. Humans are the weakest link in the cyber security chain.

In the case of Lake City, FL a ransomware attack cost the city over $400,000 in Bitcoin to get back their files. The city fired the Director of IT after an employee downloaded an infected document from an email. The ransomware infected the city’s computer network making it useless. The city paid the hackers and are in the process of getting back to normal.

Another reason that cities end up paying the hacker is because they fail to have adequate back up. Data is precious and the hackers know it. Cities that fail to back up their data are helpless once they get hit. Many say that do not have a budget for back up storage. Well you can bet that Lake City will have a budget for IT security and back up very soon.

Budgetary constraints are a common problem in many municipalities. The sad fact is that these cities cannot afford not to have a cyber security budget.

Another issue is the cost of cyber insurance vs. cost of recovery vs. paying the hackers. If the hackers control millions of dollars of data after an attack and are only asking for a few hundred thousand dollars then the math is simple. Even the annual cost of cyber insurance maybe more than paying the hackers. There have even been reports that some cities have an emergency budget of bitcoins just in case they are hit by an attack. Good thinking? I’ll let you decide.

Another interesting facet of the problem as reported by ProPublica is that some forensics firms, claiming to break the grip of a ransomware attack, are really just paying the ransom and passing the cost onto their customers.

If you think the problem is solved after paying the ransom you’re wrong. Depending on how merciful or mean the hacker is you may get the decryption key, you may not., Sometimes the hackers ask for more money or simply disappear. leaving you with nothing but a locked up computer network.

The FBI has some advice in case you get hit by ransomware. Hackers are getting rich by attacking municipal networks. Paying them just validates the business model and the attacks continue. Whether you pay or not is completely the up to the company or city. Its not unheard of for the hacker to attack the same target twice.

“After systems have been compromised, whether to pay a ransom is a serious decision, requiring the evaluation of all options to protect shareholders, employees and customers,” the FBI says. “Victims will want to evaluate the technical feasibility, timeliness and cost of restarting systems from backup.”

Breaking It Down

Why do cities keep getting sucker punched by hackers? Because they are willfully ignorant of the dangers they face. I would bet that many cities do not believe they will get hit or believe that they are safe. But these same cities have not reviewed their cyber security posture in sometime. They fail to train employees. Why? They won’t spend the money. They do not have employees with the proper skillset. Why? They won’t spend the money. They don’t to have data backed upped or an incident recovery plan in place. Why? They won’t spend the money. Some municipalities leadership, maybe your city leadership, all have the same problem. They are blind to the threat. They don’t want to spend the money. They don’t seek the answer before the question is asked; is your network secure? They better hope its not a hacker asking the question.

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. Tom attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has also written both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and EbonyCandle.com. Tom is not the chief editor for the OnTechStreet. com. A news and information blog that focuses on tech news for African-Americans. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Comments are closed.