Published on July 22nd, 2019 📆 | 2357 Views ⚑
0Small Town Government, Big Time Cybercrime
Last month, the city of Riviera Beach, Florida, was crippled by a ransomware attack that led to it paying a hefty sum to recover government systems.
A city spokesperson confirmed earlier this month that the government had voted unanimously to pay the ransom on top of the costs of attempting to fix and replace the computers that were compromised in the cyberattack.Â
Just days later, it happened again: another Florida city, Lake City, confirmed to reporters that it had been compromised by a ransomware attack and agreed to pay the ransom to regain control.Â
âI wouldâve never dreamed this couldâve happened, especially in a small down like this,â Lake City Mayor Stephen Witt told local CBS News reporters at the time.Â
Unfortunately, researchers warn, cyberattacks on local governments are probably going to be an increasingly common occurrence â and taking the stance of âit wonât happen to meâ could be a costly one.Â
âAmericans are getting their identities stolen every two seconds. Weâre at war and donât realize it. They attack every industry you can think of,â said Ron Bush, an information security consultant, in a recent interview with NWI.com.Â
Ransomware attacks are on the rise within local and state governments, he added, leading to revived debate about how to handle such a scenario.Â
The latest cases of two Florida cities paying the money to regain their systems has raised controversy over what to do in the case of a ransomware attack. The Federal Bureau of Investigationâs official position on the matter is to not pay the ransom. However, as NWI.com reported, experts agree that often paying the ransom is often less expensive than replacing systems and starting from scratch. The downside, however, is that attackers may sell stolen data on the dark web and, once a ransom is paid, those hackers may demand payment again later, Bush warned.Â
âItâs a cost-benefit analysis,â explained Sera Solutions Founder and Owner Seth L. Spencer in an interview with the publication. âWhen you pay, the files are decrypted in nearly 100 percent of the cases because itâs automated when the payment is received. When youâre a government or hospital and held up so you have to ease operations, paying tens of thousands of dollars might make sense. Whatâs the alternative?âÂ
Below, PYMNTS examines some of the latest data behind the rise in government bodies being targeted in cyber and ransomware attacks â and the price tags with which these attacks come.Â
65 Bitcoin, or about $600,000: the cost of regaining data for the city of Riviera Beach when it decided to pay the ransom. As reports in WPTV noted, the vote to pay the ransom followed a previous agreement reached to spend about $1 million to replace compromised computer equipment.Â
$460,000:Â the price tag for the Florida city of Lake City to regain control of its data and systems after its ransomware attack. According to the cityâs mayor, Stephen Witt, the insurance the city has will cover âall of it except $10,000,â a cost he added will be passed onto taxpayers in the form of higher insurance rates, reports said.Â
$132,000:Â the value of Bitcoin that LaPorte County paid to ransomware attackers earlier this month. The Indiana county, 65 miles from Chicago, was hit by the Ryuk virus in what appears to be a growing trend: cyber attackers targeting small government entities that often lack sophisticated cybersecurity measures and often run on outdated software, according to Keeper Security Founder and CEO Darren Guccione in a recent interview with WGNTV.Â
20+ municipalities, cities, counties and state governments have fallen victim to some type of cyberattack so far this year, according to Recorded Future data. Keeper Securityâs Guccione told WGNTV that nearly one-quarter of cities and counties in the U.S. are fending off a cyberattack on their networks once an hour.Â
30 years have passed since the first recorded ransomware incident, Recorded Future said in its report published in May. The modern version of ransomware, in which attackers demand payment in bitcoin, first emerged in 2013. As analysts noted, local governments being targeted by ransomware attacks is nothing new: They were among the crimeâs first targets. However, Record Future warned, these attacks appear to be growing: in 2016, researchers confirmed 46 attacks on local and state governments. Last year, that figure hit 53.Â
Gloss