Encrypted cities

June 28, 2019

The number of cyberattacks on US city administrations is on the rise. In less than two months, a third city has fallen victim to the same threat: ransomware.

Baltimore, Maryland, was attacked on May 7. The city’s administration decided not to give in to the extortionists and suffered damages of more than $18 million, according to preliminary estimates. A few weeks later, Riviera Beach, Florida, was next. The city’s computers were encrypted, and officials decided to pay the extortionists 65 bitcoins, or about $600,000.

A week after that, another city in the same state was attacked — Lake City. This time, the city administration deliberated even less and ended up paying almost half a million dollars to the extortionists. It is not yet known whether they were able to decrypt their data, but they confirmed that the attackers sent them the decryption key.

This is not the beginning of a new wave of attacks. You don’t have to dig deep to find plenty of other similar, prominent incidents: in Atlanta, Georgia; Jackson County, Georgia; Albany, New York; and more.

To pay or not to pay?

As the Baltimore case shows, it is much more expensive to fight the consequences of an attack than to pay extortionists. Perhaps it was the calculation of the damages from this incident that influenced the decisions of the Riviera Beach and Lake City councils.

Of course, the decision to pay is understandable. When ransomware paralyzes city services, we are talking not only about financial damages, but also about the lives and well-being of local residents. However, every time a city pays, attackers become more convinced that their efforts are not in vain. So, they choose their next victim and keep the trend going. That’s a big part of why the FBI and companies involved in information security do not recommend paying.

How to avoid getting encrypted

Almost all ransomware infections follow a similar script. Someone in a city’s administration receives an email that includes a malware link or attachment. Not recognizing the threat, the employee launches the malware, which exploits long-known vulnerabilities in operating systems or other software to encrypt data. Sometimes (again, through known vulnerabilities), the malware spreads to all computers on the victim’s local network. Therefore, we have three main tips:

  • Update software right away, prioritizing operating systems.
  • Employ security solutions that can handle known and yet-undetected ransomware on all computers. Even if you already have reliable protection, you can use the Kaspersky Anti-Ransomware Tool as an additional protective layer; it can work in combination with other companies’ security products.
  • Teach employees to recognize and defend against the social-engineering techniques malefactors use to get a foothold in corporate networks.

Among our other solutions, we offer Kaspersky Interactive Protection Simulation, a solution designed specifically for local public administrations. It was developed within the framework of the COMPACT project created by the European Commission, but it is also suitable for training public administrations around the world. You can learn a little more about it in this article.