Increasing ransomware attacks against local governments have made headlines over the past few months, with a report from the 87th annual meeting of the U.S. Conference of Mayors saying that there were 22 attacks in 2019 alone. Ransomware attacks can cost millions in repair and restoration efforts, and the increasing number highlights the growing need for better ransomware policies. This is increasingly significant issue has already sparked some action within local government communities. In the U.S. Conference of Mayors, one of the adopted resolutions addressed this specific problem. The members took a strong stance against paying ransomware, stating in their resolutions that this only “encourages continued attacks on other government systems.”
Recent ransomware incidents
This year has seen multiple cities hit by ransomware — from Baltimore (which has paid US$18 million so far to recover), to Michigan, and multiple cities across Florida. And this trend continues this month with two attacks hitting different organizations in the span of a few days.
On July 6, a ransomware attack was successfully launched against the network of La Porte County, Indiana. According to a report from Bleeping Computer, the IT department of the county was able to confine the ransomware to less than 7% of the laptops. However, the ransomware managed to affect network services enough that the county’s email and website were not working. The ransomware that hit La Porte is a known threat called Ryuk, and it was what hit multiple cities in Florida.
The county actually paid around US$130,000 in bitcoins for the ransom, with about US$100,000 covered by insurance.
Just a few days later, on July 10, a ransomware attack hit Monroe College, a Bronx-based institution. The attack also affected their campuses in Manhattan, New Rochelle, and St. Lucia, as reported by the Daily News. The attack brought down the school’s website and affected online classes. The hackers demanded roughly US$2 million in bitcoins as ransom. On their Facebook page, the school stressed that it is trying to get everything running again, but there have been no reports of it paying the ransom.
Law enforcement and security experts advise against paying ransom and instead encourage people to use best practices to prepare for ransomware or mitigate attacks. Paying the ransomware is a short-lived solution — and there is no guarantee that the hacker will actually provide decryption after they are paid.
Paying ransomware also just encourages attackers and sends an “open for business” signal to other malicious actors. The general thinking is that, if an institution pays the ransom once, they probably will again.
In the Conference of Mayors, 1,400 mayors from across the U.S. acknowledged the ransomware problem and specifically cited the issues it has caused for local governments. In general, ransomware attacks can cost localities millions of dollars in repair and reconstruction. As such, they stand firm and have “a vested interest in de-incentivizing these attacks to prevent further harm.”
[READ: Examining Ryuk Ransomware Through the Lens of Managed Detection and Response]
For enterprises and organizations, it is vital to implement security best practices against ransomware:
- All of the organization’s users should back up their data regularly to ensure that data can be retrieved even after a successful ransomware attack.
- Users should be wary of suspicious emails and avoid clicking on links or downloading attachments unless they are certain that an email came from a legitimate source.
- IT staff should restrict the use of system administration tools to IT personnel or employees who need access.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale