Ransomware should be a concern for everyone, from small businesses to large corporations, although the likelihood of suffering an attack may depend on various factors. Cybercriminals often select targets they believe have the most attractive data and are likely to respond quickly to ransom demands, as well as targets that may have poorly trained employees and weak overall security. Unfortunately, towns across the U.S. are learning the hard way that their municipal systems are just as vulnerable to an attack as those of any other entity.
Town officials in Rockport, Maine, can attest to the growing threat of ransomware. At closing time on April 13, town workers discovered that the files on their computers could not be opened, the result of an unknown hacker placing malicious software, in the form of ransomware, on their network.
Like many victims of ransomware, Town Manager Rick Bates thought the easiest way to handle the situation was to pay the ransom demand. Bates felt that the payment request of about $1,200 in bitcoin was small enough that making the payment would be a viable solution.
Gus Natale, a local information-technology contractor, had other ideas for handling the malicious software on the town’s network. Natale went directly to the town office to begin unplugging the computers upon hearing of the incident. Determined, Natale didn’t want to let the bad guys win by allowing the town of Rockport to fork over the payment to the hacker.
By working through the weekend, Natale and his helper were able to recover the town’s files from a compromised backup server, allowing the town to have their systems up and running by the next week without having to pay the ransom. Despite forgoing the costs of the ransom demand, The Wall Street Journal reports that the restoration work to get the systems back up and running as quickly as possible cost the town $10,000 and an additional $28,000 to $30,000 to improve their security posture and implement a cloud-based backup system.
Rockport is just one of many municipalities whose systems have been invaded by a hacker during the rise in cybercrime. Hackers have struck targets ranging from large cities such as Atlanta and a library in St. Louis to extremely small towns and counties across the U.S. These attacks are costing local governments significant amounts of money as they try to pick up the pieces and improve their security measures following an attack.
“Public-sector attacks appear to be rising faster than those in the private sector, according to the Ponemon Institute, a Traverse City, Mich., research company focused on information security. Ponemon estimates 38% of the public entities it samples will suffer a ransomware attack this year, based on reports through May, up from 31% last year and 13% in 2016. The company samples roughly 300 to 400 public-sector entities each year.”
The Wall Street Journal
According to Marshall Davies, executive director of the Public Risk Management Association, although hackers have been targeting businesses for years, they are “just now coming after the public entities.”
Christopher Krebs, a senior official at the Department of Homeland Security, explains that the hackers attacking these cities are typically cybercriminals and not nation states. These criminals are looking for vulnerabilities to exploit and will often use poorly written English in their demands, requesting bitcoin or another cryptocurrency as the form of payment.
Should Cities Pay Ransom Demands?
A common question posed by individuals and organizations facing ransomware is, “Should we pay the ransom?”
Some local governments have chosen to pay the ransom demanded by a hacker. For example, officials in Leeds, Ala., paid $8,000 out of the requested $12,000 to a hacker following an attack. With all the Birmingham suburb’s computer systems down, officials made the difficult decision to pay the hacker, allowing the city to regain access to most of its files.
In a similar situation, Montgomery County, Ala., paid nearly $47,000 last September to regain access to its backup files held hostage by a hacker.
The Federal Bureau of Investigation does not advise victims of ransomware to pay the demand made by the cybercriminal, warning that in some cases, victims never receive the decryption key they are promised to recover their files following the payment.
Licking County, Ohio, took that advice and chose not to pay the ransom request of $50,000 in bitcoin to recover its data. The county’s computer system was compromised through an exploited firewall, which allowed the hacker’s entry into the system. Luckily for the county, almost all its data was backed up, allowing its systems to be restored without having to pay the hacker.
Spring Hill, Tenn., chose not to pay the $250,000 ransom demand following an attack late last year, but unfortunately, the city is still facing significant monetary damages. According to City Administrator Victor Lay, the restoration efforts following the ransomware attack could cost the city around $100,000.
With no signs of ransomware attacks slowing down, cyber insurance should be evaluated across the U.S. in small towns and large cities alike. Some cities have already chosen to purchase cyber insurance, such as Leeds, Ala., which had most of its ransom payment covered by its cyber insurance plan. In a different approach, some officials feel that the money they would spend on cyber insurance is better spent on improving their backup systems, something they would need immediately following a potential attack.