Municipal governments report a continued increase in ransomware attacks, while the US federal government offers little assistance. Hackers downed a help line during a major snow storm in Akron, Ohio, late last year, and froze the city of Baltimore’s computer networks for months earlier this year. Then, in August, coordinated ransomware attacks against 23 cities in Texas were carried out.
Ransomware is an attack method using malware that encrypts data until the target/victim pays a “ransom” to regain access. Typical ransomware tactics involve freezing access to data until a few hundred dollars is paid in Bitcoin. But new ransomware strains like “Ryuk” and “SamSam” are now being used which infect an entire organization’s computing system, and the price asked for ending the ransomware attack increase exponentially.
Legislators in Washington, D.C. have offered little in the way of federal help for states and local governments under cyberattack. However, in late September, the Senate approved new legislation aimed at protecting local cities and schools from ransomware attacks. The proposed, “DHS Cyber Hunt and Incident Response Teams Act,” authorizes the Department of Homeland Security (DHS) to create “incident response teams” to help organizations battle ransomware attacks. That means that the DHS would create teams to protect state and local entities from cyber threats and restore infrastructure that has been affected by ransomware attacks.
Too many municipalities remain unprepared for today’s threat-environment, with inconsistent software updates, weak IT departments, and a pattern of selecting the insurer-paid option when confronted with the cost of restoring systems from the ground up. Despite the current advice of the FBI, for instance, Lake City, Florida paid its ransomware attackers over $460,000 in Bitcoin this year, and Riviera Beach, Florida paid around $600,000 to regain access to its systems.
Baltimore is trying to recover from what may be the most expensive ransomware attack ever for a state or local government in the US. The City refused to pay a ransom but will spend up to $18.2 million to restore its systems.