Multiple Ransomware Attacks Hitting U.S. Cities
Cities across the U.S. are being held at ransom. Cybercriminals are attacking municipal computers and holding them at ransom for tens or hundreds of thousands of dollars in exchange for regaining control of their data.
The criminals install ransomware, a type of malware that freezes the entire system and encrypts files until the ransom is paid.
In recent weeks, Baltimore and two Florida cities have been the victims of ransomware attacks. Baltimore has spent millions after their attack because they refused to pay the ransom of $76,000 in Bitcoin. In Florida, Rivieria Beach and Lake City have each paid hackers roughly half a million dollars in Bitcoin to unlock their data. Both cities paid with insurance funds.
During the U.S. Conference of Mayors annual meeting in late June 2019, the group approved a resolution opposing paying criminals after ransomware attacks. The resolution notes that the mayors do not want to encourage more attacks by demonstrating that they are willing to pay.
Atlanta mayor Keisha Bottoms, whose city was also hit with a ransomware attack but refused to pay, called on Congress to give cities and small towns more access to information on preventing these kinds of attacks. Federal agencies have clear protocols for many crimes that affect cities, but not cybercrime.
More on ransomware
Ransomware attacks have been around for about five years, but they seem new to the public because of the recent news coverage. Ransomware attacks are popular against corporations, but corporations are not obligated to disclose the attack and generally pay the criminals without notifying the public. City governments have an obligation to notify the public how funds are being handled, so the attacks are covered in the media.
Ransomware is commonly sent via phishing spam, or an email that tricks the user into opening a file that installs the malware. Once the file is opened, it infects the computer and encrypts the user’s files so that the user cannot access them. The user will receive a message explaining what happened and that the files will only be decrypted once the user sends an untraceable Bitcoin payment. Only the attacker has the key to open the files. Some ransomware is aggressive enough to infect other computers on the system without having to phish every user.
While law enforcement may not be able to provide recourse for pursuing the criminals, entities can take some protective measure. A cyber insurance plan helps cover costs associated with damage to systems and damage to data. A good cyber insurance plan also includes coverage for extortion and fraud and covers costs associated with breach response and public relations.
IDMI.Net takes multiple measures to prevent our clients’ data from being compromised. In the case of an attack, our clients have the backups they need to continue serving their customers. Contact us today to learn more.