Could the Baltimore Ransomware Attack Have Been Prevented?
Baltimore is just the latest city to fall prey to a ransomware attack that took down critical city services on May 7. Shortly before that, it was Greenville, N.C., and just last year, it was the city of Atlanta under attack.
Ransomware, or malware is malicious software that encrypts documents on a PC and throughout an entire network, making them inaccessible. Ransomware is usually activated when a user opens an innocent looking email attachment. Once it has infected your network, the cybercriminals provide a ransom amount you must pay to regain access to your files. In the Baltimore case, the perpetrator requested 13 bitcoins, equivalent to almost $100,000 to release the 10,000 computers.
But this wasn’t the first time Baltimore had been hit with a malware attack. Just last year, another cyber attack took down their 911 system.
The current attack took place after the city had been warned — and during the transition from outgoing mayor Catherine Pugh to current mayor Bernard C. “Jack” Young, leaving city services crippled. Services like water billing and other online payment systems as well as the city’s email and phone systems were down for weeks. While manual workarounds are being used for other city services like real estate transactions and event rentals, residents’ wait times for interactions with city agencies have increased, bringing the city’s operations to a slow crawl.
Why State and Local Governments are Attractive Targets
This type of cyber attack has become so common that in 2018 there were 53 reported attacks on local and state governments, while 21 attacks were reported in the first four months of 2019, predicting an overall increase for the entire year. Baltimore, like many cities, was not prepared, so was an easy target for cybercriminals.
Here are the reasons why these types of institutions are targeted.
Unlike businesses in the private sector, local governments can’t hide a ransomware attack. As it often directly affects public citizens, there’s nowhere to hide when a breach occurs, as in Baltimore where residents could not pay property taxes, parking tickets or water bills. This left city services at a visible standstill.
Cities and other local governments house a large amount of critical data within their systems, all valuable to cybercriminals. With such a vast amount of data like this, these types of entities are even more vulnerable.
Finally, with limited budgets, these institutions simply do not have the financial means for improved IT infrastructure, more staff resources — or in the case of the Baltimore ransomware attack, cybersecurity insurance. Also, as technology moves so quickly, these institutions lack the resources to manage patches and other vulnerabilities until it’s too late.
The Cost to Repair is High
The inconvenience also comes with a loss of productivity and increased costs for a city like Baltimore with a population of more than 600,000 residents. Without insurance — and perhaps even with it — it takes time to restore systems to normal operations.
In Greenville, N.C., the city refused to pay the ransom, and instead is working hard to restore and rebuild servers. Unlike Baltimore, they had purchased cybersecurity insurance with a $50,000 deductible. Similarly, Atlanta also had insurance, yet it was projected to cost at least $17 million to completely restore services and rebuild their data and IT infrastructure.
These malicious attacks and the lack of data accessibility will continue to be costly for small governments. In 2017, costs associated with ransomware had reached $5 billion, and this year are projected to skyrocket to $11.5 billion, according to Cybersecurity Ventures.
How Cities and States Can Better Protect Themselves
While avoiding a ransomware attack is not entirely unavoidable, with the assistance of a trusted partner, there are a few things state and local governments can do to help mitigate these risks. Cloud backup and disaster recovery is one such method.
With a backup and disaster recovery tool, you can regain access to your files in mere minutes. This saves the amount of downtime that users suffer — and allows you to avoid paying hefty ransomware demands. It also provides backup and rollbacks in no time. This type of service stops the attack while creating a virtual image of your file server. Once the infected computer is cleaned, you can connect to the virtual server.
Another option is implementing a secure operating system like Google Chrome and its related devices. With built-in security and seamless updates, Chrome ensures that you are running the latest and most protected version. Sandboxing contains viruses and other threats to keep them from spreading. If you are already using Chrome, another way to make your organization safer is by switching from traditional PCs and laptops to Chromebooks. These can be wiped clean after each user’s work is completed, providing another layer of security.
The best solution for keeping your IT infrastructure up to date is to invest in a managed services provider. By outsourcing these functions, you can be sure your data will be protected and secure from vulnerabilities. Updates and other patches will be applied as soon as they become available.
At this time, more than a month later, the cyber mess in Baltimore is still wreaking havoc on the city, its residents — and beyond. It is estimated that it will cost tens of millions of dollars to repair, and without insurance, it is likely that these costs will filter down to residents.
Secure your IT infrastructure and prevent a malicious attack from holding you hostage. Start with our free backup and disaster recovery assessment.