Cities held for ransom: Why are public entities easy targets for cyber crime?
In May 2019, Baltimore found itself fighting off a ransomware attack, the second known cyber attack on the city in 14 months. Business had come to a sudden halt as hackers took control of the city’s computer systems, demanding $76,000 in cryptocurrency ransom.
In a bold move, the city refused to pay. Since then, city officials have been working hard to restore systems and employee access, which could take months and could cost over $18 million.
Although it was the first time Baltimore faced ransomware demands, it certainly was not the first time it had been attacked. In 2018, hackers disabled Baltimore’s 911 dispatch system. However, there was no ransom demand. Instead, officials worked to isolate the threat and restore systems, which were down for 17 hours. The cost of recovering from that attack is still unknown.
Other cities have faced similar cyber-crime attacks. When Atlanta’s municipal operation systems were breached in 2018, the ransom demand was for approximately $55,000 in Bitcoin. City officials hesitated, and hackers removed the payment portal, leaving Atlanta offline. The cost to recover is now expected to exceed $9.5 million.
No matter the size of the public entity, both ransoms and recovery costs are devastating, particularly in municipalities that have limited funds. Such was the case for the city of Leeds, Alabama, which was hit with a ransomware attack in 2018. Leeds, a city of just under 12,000 residents, was forced to pay $12,000 in cryptocurrency to regain control of its systems.
And yet the ransoms are just the beginning of the costs that public entities will face when hackers take control of their systems. A business hit with a ransomware attack faces an average cost of over $8.25 million and spends over 40 employee working hours on recovery.
Why are public entities being targeted repeatedly by hackers? Because they are the perfect target. Many public entities, hamstrung by tight budgets and little funding available to spend on IT systems upgrades, do not have enough security measures in place to ward off a ransomware attack.
Statistics show that 44% of local governments face regular cyber attack threats, and 28% do not know how often they are attacked. More alarming is that 41% of those local governments surveyed do not know if their systems have been breached.
Cyber criminals are aware that public entities are more vulnerable, too. Publicly announced ransomware attacks against state and local governments spiked in 2018 with 53 incidents recorded, a 39% increase over 2017. The first months of 2019 were equally active, showing no signs of the trend slowing.
No city is immune. Ransom demands of $250,000 or more are not uncommon in small municipalities. Should a town fail to pay by the stated deadline, ransoms will go up or, as in the case of Atlanta, payment options disappear, and towns are left with no recourse but to start over.
That is where the cost of a ransomware attack can go far beyond the initial ransom demand. Recovery is expensive. The costs public entities are compelled to pay include:
- System recovery services or new systems
- Forensics investigations
- Recovery and remediation of any personally identifiable information
- Claims services and related expenses
- Improving system security, prevention, and response
The evolution of cyber attacks
Even the most prepared public entity is still vulnerable to ransomware attacks. Because of the fast payout, ransomware attacks have become the method of choice for many cyber criminals. Unlike cyber attacks of even five years ago, when main systems were the target and recovery was faster, ransomware attacks target everything.
Now, cyber thieves seek out both the systems and the servers where system backups are being stored. Once the backups are encrypted, public entities no longer are able to restore their systems. The only option is paying the ransom.
Thanks to the internet, ransomware attacks have become big business. Even inexperienced hackers can buy ransomware programs on the dark web and launch an attack. It has become a fast payout for hackers – there is no reselling of personal data needed, and little effort involved in extracting payment from organizations.