Ransomware: Cybercrooks hold cities hostage
Hackers are taking American cities hostage and making out like bandits, said Lily Hay Newman in Wired.com. Already this year, “more than half a dozen cities and public services across the country have fallen victim to ransomware.” These attacks typically begin with an unsuspecting municipal employee clicking on a link in a seemingly innocent email. Ransomware then spreads across the target city’s computer network and locks the IT system. A municipality can either pay the hackers a ransom to unlock the network or begin the painstaking process of rebooting and rebuilding their entire computer system. Such attacks are often carried out by sophisticated criminal syndicates that “offer malware and attack services to virtually anyone on the black market.” And this crime pays big. Two Florida cities—Riviera Beach and Lake City—paid almost $1.1 million in Bitcoin last month to hackers who had paralyzed their computer systems. Baltimore “was crippled by ransomware” in May but refused to cough up $75,000. Instead, it “spent about $18 million to recover and improve its defenses.”
Sometimes it just makes sense to hand over the money, said Larry Dignan in ZDNet.com. That goes against conventional wisdom. But there are high costs to having your city paralyzed for days. Organizations have to weigh numerous factors. If they stand firm, how much will they have to pay the consultants who will rebuild their computer systems? And what valuable data might be lost permanently in that process? In the end, paying ransom “starts to look like every other business decision.” Some hackers might even be willing to offer cooperative victims a discount. The “post-Baltimore mindset” of many municipalities is that “paying ransom now potentially looks cheaper and faster,” said Jamie Condliffe in The New York Times. But that simply encourages more attacks “by signaling that a city is willing to pay and doesn’t have an effective response plan.” What’s to stop Riviera Beach and Lake City from being hacked again and again?
Ransomware succeeds “because organizations are still running their IT departments like it’s 1999,” said Sean Gallagher in ArsTechnica.com. If cities had a recovery plan or backup systems on standby, “then ransomware attacks would be mostly a containable annoyance.” Baltimore’s chief information officer— whose background was in sales, not IT—had been developing a disaster plan “intended mostly for dealing with power outages, not total data loss.” The city also didn’t have insurance to cover the cost of an IT system recovery, despite pleas from an IT security manager. This is “indicative of just how unprepared many governments” are for these malicious attacks. Until cities get real about this threat, crooks will keep on shaking them down.