American City and County

Pay us or else

Local governments are being targeted by ransomware at an alarming rate, and very few communities are prepared to deal with the threat
  • Written by Derek Prall
  • 9th October 2019

Our cities are under attack, and most communities are unaware just how vulnerable they are. Ransomware is a nefarious tool bad actors are using to enrich themselves by holding data captive. Municipalities are particularly susceptible to these threats, and the hackers know this. Unless proactive steps are taken now, your municipality will be hit. It’s not a matter of if, but when.

The city of Atlanta knows this well. In March of last year, the southern transportation and economic hub was struck with an attack that affected numerous city services and programs including utilities, courts, and parking. Many city officials were forced to work with paper forms.

While much of the information about the attack is privileged, Reuters reported at the time that Atlanta devoted $2.7 million to recover from the attack, but later estimated it would need $9.5 million.

On November 26, 2018, the Department of Justice indicted two Iranian hackers for the attack, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri. The New York Times reported the two individuals were responsible for the widespread SamSam ransomware.

While Atlanta’s attack was noted for its duration and the sheer number of services impacted – in June 2018 Reuters reported a third of the software programs used by the city remained offline or partially disabled – smaller ransomware attacks are shockingly frequent. While not every attack makes the news, the threats are pervasive.

Rita Reynolds, the Chief Technology Officer at the National Association of Counties, says the threat ransomware poses is significant, and that many communities aren’t prepared to prevent an attack. “It is definitely a large threat,” she says. “It’s not a matter of if it’s going to happen, it’s when is it going to happen and how do we minimize the impact.”

And these attacks are becoming much more frequent. High-profile cases like the attacks that hit Baltimore and Atlanta make headlines, but Reynolds says the problem is much more pervasive than the general population understands. “Even in the past three months to five months, I’ve seen an increase in ransomware attacks on local government. Counties are contacting us quite a bit asking what they can do.”

But before you can protect yourself, you first need to understand the threat.

 

What is Ransomware?

Ransomware is malware that blocks access to a system, device, or file until a ransom is paid. Once it infects a computer, the ransomware encrypts files on the infected system, although some variants erase files or block access to the system using other methods, according to materials from the Center for Internet Security (CIS).

The Center’s Chief Technical Officer, Brian Calkin, says ransomware in layman’s terms is actually pretty simple to think about. “It’s a virus that’s on your computer and what it does is in the background, unbeknownst to the user, it encrypts all your files – typically things like your Word documents and your photos and your music – all of those things that are not easily recoverable.” Most of the time you can still use your computer, he says, but certain files will be unavailable to you.

You’ll be presented with a screen that informs you you’ve been the victim of a particular attack, and instructions for how to pay the ransom. “Typically, this is anywhere between 500 and a couple thousand dollars,” Calkin says. The payment will be accepted in some form of cryptocurrency – more than likely bitcoin. Once the payment is received, the attacker will provide the victim with a so-called “key” that decrypts the data. In many cases there’s a timer running. If payment is not made in the allotted timeframe, the key will be destroyed and the data will be irrecoverable.

While this might be a nuisance on a personal computer, it becomes truly problematic when the machines being attacked are connected to a network. Then the malware can spread throughout the entire system, locking down critical components and grinding operations to a halt, Calkin says.

Most of the time these attacks are opportunistic, Calkin explains, meaning they are not targeted at a specific individual. Instead, bad actors behind these attacks are casting a wide net, hoping to ensnare as many individuals as possible and, by extension, infect as many machines as they can.

However, this isn’t always the case. “In some cases compromises are very targeted,” Calkin says. “If, for example, they find a particular vulnerability on a system they are able to determine belongs to a large city like Atlanta or Baltimore they realize they have something potentially more lucrative, so they’ll use their access to the vulnerable system to deploy their ransomware attack.”

The majority of the time, though, the main vector for these attacks is a social engineering process known as phishing. Phishing is usually performed via email where a bad actor will pose as a trusted source with the intention of obtaining sensitive information or getting someone to download a malicious payload, according to CIS. While many phishing attempts are obvious, the methods and strategies are becoming increasingly sophisticated.

 

Why are local governments a target?

Local governments are attractive targets for cyber criminals for a number of reasons. Reynolds explains one issue is that oftentimes the equipment being used is woefully outdated. “We have machines in use that really should have been retired years ago. I’d like to think no one is still using a Windows 95 machine, I know they’re still out there.”

This is a problem, Reynolds says, because the technology used in those operating systems doesn’t have the capacity to address today’s security needs.

Staffing is also a critical issue. Brian Vecci, a field chief technology officer at software company Varonis, says that many municipalities are understaffed, and their IT staffs in particular are overworked. Many cybersecurity professionals are offered larger salaries in the private sector, so it’s difficult for local governments to stay on the cutting edge.

Finally, local governments are also a favorite target because of the nature of what they do. Governments deal with a tremendous amount of data, and the services they provide are critical. Vecci says at the end of the day, ransomware attackers are looking to get paid. If they know they can cripple critical municipal services, they are far more likely to cash in.

The reason we’re seeing so many successful attacks these days is that they are becoming more sophisticated. Phishing attacks are becoming more clever, and the software itself is readily available for anyone to use. In the past, if you wanted to attack an individual or organization, you’d have to write the malicious code yourself. Now, ransomware has become a service, Vecci says. “It used to be relatively sophisticated individuals or groups of individuals [launching these attacks],” he says. “Now if you Google ‘ransomware as a service’ you can go to a website and give them some email addresses and a third party will launch the attack for you.”

 

What do I do if I’m attacked?

Unfortunately, if ransomware makes it into your network, it’s already too late. While there are resources available with known decryption keys like nomoreransom.org, it’s fairly rare that data can be decrypted without paying the ransom, Vecci says.

“Hopefully you’ve got good backups,” Vecci says. “If you don’t, that’s a problem. Then it becomes you have to pay the ransom if you want the data back.” However, sometimes the attack is so widespread that you have no recourse. You either have to rebuild everything from scratch or pay up.

Understandably, this solution isn’t the most palatable one. Calkin says there are negative ramifications for giving in to the demands of bad actors, but unfortunately there’s little recourse. “There are all sorts of philosophical issues with this. If you pay the ransom, are you perpetuating the problem? But in some cases, when you don’t have a backup, the almost guaranteed way to get your files back is to pay the ransom.”

Obviously getting to the point of making that decision should be avoided. By its very nature, the only way ransomware can be dealt with is for it to be prevented from occurring in the first place.

 

How can I protect my community?

Reynolds says the response to cyber threats in local government used to be reactive, but to stay secure with today’s threats it’s important to be proactive. One of the best ways to do this, she says, is by rethinking the way file systems are set up, and who has access to what.

She likens it to a house. You have a fence around your property to keep people out, and cameras to monitor who comes to the door. The door is locked, and your valuables are locked in a safe. Not everyone who comes in the house can or should have access to what’s inside.

Traditional networks weren’t set up like this, but many IT professionals now understand that just because you have access to the network doesn’t mean you should have local admin rights on that device. If everyone has access to everything, a ransomware attack can spread quickly and unmitigated. Reynolds suggests reworking who has access to what on the network – not to be punitive, but to make the environment as secure as it can be.

Vecci agrees with this notion. “The root of the problem is that files have been open to way too many people. Making sure that the right people have the right access to the right file is a hard thing to do, and it’s often completely unmonitored. It’s hard to figure out when something like ransomware is happening.”

Another proactive way to protect networks from attack is to ensure that all software is up to date with the latest patches. “Everybody needs to make sure their servers and end-user workstations are up to date with security patches,” Reynolds says. While it might seem daunting, it’s a critical defense mechanism.

Training is also crucial. There are tools available to test end-users to see how likely they are to fall victim to a phishing email, Reynolds says. This should be done often to help the workforce remain vigilant and aware of the warning signs.

This isn’t to suggest that protecting an organization from ransomware is strictly the responsibility of the IT department, though. Elected officials play a major role as well, Reynolds says. Leaders must understand that their prioritization of this issue sets the tone for their organization. It’s the responsibility of leadership to do exactly that.

Part of this responsibility is to make use of available resources. “Every local government should be a member of MS-ISAC – the Multi-State Information Sharing and Analysis Center,” Reynolds says. Many of the center’s resources are free of cost, and it provides access to alert systems, awareness and education materials as well as cybersecurity table-top exercises to help local governments improve their security postures.

 

For more information on ransomware, visit the Center for Internet Security at www.cisecurity.org.

 

Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.