RansomwareRansomware Attacks on Cities Are Rising – Authorities Must Stop Paying Out
A ransomware campaign that targeted twenty-three U.S. cities across Texas has raised serious concerns about the vulnerability of local governments and public services to cyber-attacks. These events come not long after similar attacks on governmental and business organizations in Indiana, Florida and elsewhere. They reflect a general shift in ransomware tactics from “spray and pray” attacks on large numbers of individual consumers, to “big game hunting”, which targets organizations, usually through people in positions of power.
A ransomware campaign that targeted twenty-three U.S. cities across Texas has raised serious concerns about the vulnerability of local governments and public services to cyber-attacks. These events come not long after similar attacks on governmental and business organizations in Indiana, Florida and elsewhere. They reflect a general shift in ransomware tactics from “spray and pray” attacks on large numbers of individual consumers, to “big game hunting”, which targets organizations, usually through people in positions of power.
A recent report from cyber-security firm Malwarebytes found a 363 percent increase in ransomware detections against businesses and organizations (as opposed to individuals) from 2018 to 2019. Put simply, cyber-criminals see an opportunity to extort far more money from organizations than individuals. Although the majority of ransomware attacks were found to occur in the US, local governments around the world are equally vulnerable.
Ransomware usually spreads via phishing emails or links to infected websites, relying on human error to gain access to systems. As its name suggests, ransomware is designed to block access to data, systems or services until a ransom is paid. At a technical level, cities tend to be fairly easy targets because they often have bespoke operating systems, with parts that are old and out-of-date, as well as ineffective back-up measures.
Cities also tend to lack system-wide security policies, so if cyber-criminals gain entry through one system, they can then access others and wreak havoc by freezing essential data and preventing the delivery of services. But even if organizations have improved their technical security, my research with my colleague Lena Connolly has found that few put equal emphasis on training employees to identify and resist attacks.
Target Acquired
Employees in many small and medium-sized organizations, like local governments, often do not recognize their organization’s true commercial value to criminals, and commonly think they are unlikely to be targeted. As a result, they might also develop bad habits – such as using work systems for personal reasons – which can increase vulnerability.
Offenders will do their homework before launching an attack, in order to create the most severe disruption they possibly can. After all, the greater the pressure to pay the ransom, the higher they can set the tariff.
