Why are so many US public entities being hit by ransomware? - harlan4096 - 23 July 19
Quote:
Within the same week in June 2019, two Florida towns fell victim to ransomware and paid a little over $1 million to hackers to retrieve their data and regain control of their servers.
“I would’ve never dreamed this could’ve happened, especially in a small town like this,” said the mayor of Lake City, one of the two Florida towns victimized by ransomware.
Hackers have the public sector in their sights
The Florida towns are the latest victims in a string of ransomware attacks on US governments. Since 2013, there have been 169 successful ransomware attacks on state and local US governments, according to figures collated by threat intelligence company Recorded Future.
In 2018, Atlanta, Georgia, was hit hard by SamSam ransomware, which knocked out a range of critical public services, including water requests, court fee payments, online bill payments and warrant issuances. In April 2019, Ryuk ransomware infected a number of municipalities across the US, disrupting department phone lines in Imperial County, California and forcing system shutdowns in Stuart, Florida. A slew of local police departments have also been affected by ransomware in recent years, including sheriff’s offices in Maine, Arkansas and Lauderdale.
In May 2019, hackers used a new strain of the RobbinHood ransomware to take control of 10,000 computers belonging to the Baltimore government. The hackers threatened to delete the data unless the city handed over about $75,000 worth of bitcoin.
Baltimore refused. As a result, government email systems and payment platforms were forced offline for weeks, leaving citizens unable to access a wide range of essential services. In total, the attack caused the city $18 million in damage – enough to pay the original ransom 240 times over.
These incidents have prompted speculation over whether the attacks are being carried out by run-of-the-mill opportunists out to make a quick buck, or state-sponsored cyberterrorists hell-bent on causing wide-scale economic disruption.
Why are public entities targeted?
The main objective of ransomware is financial gain. Many departments in the public sector are responsible for providing services that are essential to a city’s functioning. If these services are taken offline for extended periods of time, it can have far-reaching consequences on the citizens who live in the area.
As a result, many cybercriminals believe that public departments will respond more quickly than organizations in the private sector and be more willing to hand over the ransom in order to minimize downtime and keep their systems running smoothly. Ransomware attacks on public entities also receive a lot of media coverage, which reinforces the idea that the attacks are highly profitable.
However, research shows that this may not be true. According to Recorded Future, just 17 percent of state and local government entities affected by ransomware pay the ransom. Meanwhile, figures from CyberEdge show that almost half (45 percent) of private organizations hand over the money.
Why are local departments less likely to cooperate? It largely comes down to protocol. At both a federal and local level, most municipalities strongly discourage their departments from making ransomware payments. In much the same way that most countries won’t negotiate with terrorists, many public entities have policies against making ransomware payments. No-payment policies are intended to disincentivize further ransomware attacks.
It is important to note that money isn’t always the primary goal. In some cases, cybercriminals single out public entities with the aim of gaining notoriety, which can raise the profile of their name and lend weight to future attacks. In other situations, ransomware attacks are politically motivated and designed to cause maximum disruption to a specific region or organization, or used as a smokescreen to disguise more devious cyberespionage.