Ransomware Attacks on US Cities

Hackers have used ransomware to attack the data networks of the Baltimore city government, the Georgia courts system and the Lake City, Florida government, to name but a few city governments - and not even beginning to name companies and nonprofits. Hackers are more likely to attack city governments, assuming that cities will be desperate to release their files and pay the demanded ransom. The critical services provided by government agencies and the insurance they usually carry make them attractive targets for ransomware attacks. In the case of Baltimore, the attack halted home sales and water bill payments. Due to the sensitivity and urgency of services that government agencies provide to the public, cities cannot afford to leave their computer systems suspended for prolonged periods. 

Ransomware attacks start quietly: the program makes its way through the entire system and then it encrypts everything at once, making it impossible for you to access your files. At the same time, you get the ransom notice. At that point, the victim has to make a decision: pay the extortionists and get the decryption key and get your data and network back in fairly short order. Or refuse to cooperate and be willing to lose that data, which will cost untold millions of dollars and probably cost a lot of folks their jobs. 

The city of Baltimore decided not to pay the 13 Bitcoin ransom demand, roughly $75,000 when its systems were hacked with RobbinHood ransomware. The cost for the city has topped 18 million dollars. That follows on the heels of last year's attack on the City of Atlanta's computer network, where the hackers demanded $51,000. Atlanta refused to pay. The resulting damage has been estimated to cost around $17 million.

How much did the crooks want for the decryption key that would restore Lake City's information systems? "Their payment request was for 42 bitcoins," said Mike Lee, a sergeant with the Lake City Police Department. "At the time of the purchase, it was roughly $460,000." Lake City officials notified state and federal law enforcement personnel and then called their insurance company, the Florida League of Cities. Lee says Lake City was advised to pay the hackers. "We have received the decryption key and we are slowly making our way through our systems a little at a time," he said. "And at this point that key has proven successful where we've used it." The Lake City taxpayers had to pick up the $10,000 deductible but the rest, $450,000, was paid by insurance.

Here's more in an article from the Washington Post - which never says how a city can protect itself from these attacks. 

So, how does one protect itself from malware?

1. BACKUP. But even that's not enough, because many ransomware programs are specifically designed to search out backup devices across a network and cloud storage, encrypting everything in their path. To protect yourself, you either have to make regular backups to an external hard drive, which you then detach from your system after the backup (a pain to manage), or use a cloud service that provides automatic versioning so that if the most recent versions are encrypted, you can still recover from earlier versions.
2. Keep your system up to date! This is VERY hard for nonprofits and governments to do when they must use older computers and tech because of their limited budgets. When offering your budget to the board and funders, this can be great ammunition for your argument for why you need upgraded tech tools.  
3. Keep your browser and plug-ins up to date.
4. Keep educating staff, over and over, about opening attachments. It gets so tedious, but you have to keep telling people: don’t click on or open files in an email unless you know exactly what those files are. Since sender names can be spoofed, simply seeing that the sender is a friend, relative or colleague is not enough. If you do not now exactly what the attachment is, write the person - don't hit reply, if you know the person but, instead, email them in a new email - and say, hey, I got this file from you, it is called such and such, what is it? That goes for links, too.
5. Use a reliable antimalware program and keep it updated. Three examples: Kaspersky Internet Security, Bitdefender Total Security and Symantec Norton Security Premium.

And remember that ransomware isn’t just for Windows users. Ransomware has been discovered for Macs, too.