For cities, states and towns, paying up is short-sighted and only makes the problem worse.
Ransomware Attacks- When it comes to ransomware attacks on municipalities, paying hackers isn’t the right solution. First, there’s no guarantee hackers will return sensitive data. Second, there’s no guarantee cybercriminals won’t leverage and monetize the data anyway, returned or not. To effectively fight back, we need to make ransomware payments illegal, and develop a strong industry of cyber professionals, a digital army of sorts, to proactively increase security awareness and data protection.
Ransomware attacks on municipal governments, from large cities to small towns, have been crippling their IT operations nationwide, disrupting civilian lives and costing millions of dollars. Cybercriminals use malicious software, delivered as an email attachment or link, to infect the network and lock email, data and other critical files until a ransom is paid. These evolving and sophisticated attacks are damaging and costly. They shut down day-to-day operations, cause chaos, and result in financial losses from downtime, ransom payments, recovery costs, and other unbudgeted and unanticipated expenses.
While ransomware has been around for about 20 years, its popularity has been growing rapidly as of late, especially when it comes to attacks on governments. As of August 2019, more than 70 state and local governments had been hit with ransomware that year alone. Local, county and state governments have all been targets, including schools, libraries, courts, and other municipal entities.
In 2019, some smaller government entities paid ransoms, including two town governments and one county government. In Florida, Lake City paid roughly $500,000 (42 Bitcoin) and Riviera Beach paid about $600,000 (65 Bitcoin) after trying and failing to recover their data. In Indiana, La Porte County paid $130,000 to recover its data.