Ransomware gangs target US cities
More than half a dozen cities and public services across the US have fallen victim to ransomware so far in 2019.
The latest victim, Key Biscayne, is the third city in Florida in a month to suffer a ransomware strike from outside attackers.
Earlier in the month, both Riviera Beach and Lake City were forced to cough up large ransom demands after being unable to recover files that were encrypted by ransomware.
Riviera City officials agreed to pay a ransomware group 65 bitcoins, or the equivalent of $600 000, earlier in June, and later in the month, Lake City, another small Florida town, voted to pay a ransom demand of 42 bitcoins, or the equivalent of $500 000.
This third attack comes hot on the heels of a similar offensive in Baltimore, which demanded a $76 000 ransom the city refused to pay, and ended up costing it damages to the tune of more than $18 million.
In April, e-mail and baggage systems at Cleveland Hopkins International Airport fell victim to the scourge, while in March, ransomware hit the court system in rural Jackson County, Georgia, which saw the county paying attackers $400 000.
It is unclear how many of these attacks were carried out by the same threat actors, but in all three Florida cities, ransomware found its way onto local government computers when an employee clicked on a malicious link in an e-mail.
Francis Dinha, CEO of security protocol OpenVPN, says local municipalities are becoming attractive targets for cyber criminals because they know how crucial local government is for the entire city to function.
“If City Hall is shut down by a cyber attack, the impact is far-reaching over a number of departments – which can be a motivator to pay the ransom and get operations running again,” he adds.
Combine that with minimal security budgets and a lag when it comes to keeping cyber security protocols up to date, and it's easy to see why cities are an easy and compelling target.
When asked whether or not cities should give in to paying ransom fees, Dinha says: “The worst choice for any organisation facing a ransomware attack is paying the ransom. In some cases, the attackers don’t actually have the ability to decrypt the affected data and are just bluffing, meaning that even if you do pay, there’s no guarantee you’ll get your data back. Moreover, paying the ransom only encourages them to strike again.”
He says if an entity opts to pay the ransom, it needs to understand the message that sends to the hackers, and assess whether or not it wants to be marked for future attacks.
Securing government networks
So how can city governments protect themselves?
According to Dinha, governments should take steps to secure their networks. “Firstly, limit what devices can connect to internal systems, and regulate which files users and devices have access to. This ensures that even if a device gets infected by malware, it can’t inflict widespread damage throughout the entire agency.”
He also advises organisations to conduct frequent backups. “This is good practice to defend against ransomware, because, should they be hit with a ransomware attack, but have recently backed up their data, they could easily restore everything from that backup and lose minimal work and information without paying the ransom.”
Finally, Dinha says organisations must train employees to better detect spear phishing e-mails and other ransomware tactics commonly used.