Ransomware: Why Hackers Have Taken Aim at City Governments

Monday, August 19, 2019

Sam Bocetta

D63b67548a5fd4323d25d572dd43bd76

When the news media reports on data breaches and other forms of cybercrime, the center of the story is usually a major software company, financial institution, or retailer. But in reality, these types of attacks are merely part of the damage that global hackers cause on a daily basis.

Town and city governments are becoming a more common target for online criminals. For example, a small city in Florida, Riviera Beach, had their office computers hacked and ended up paying $600,000 to try to reverse the damage. Hackers saw this as a successful breach and are now inspired to look at more public institutions that could be vulnerable.

Why are cities and towns so susceptible to hacking, how are these attacks carried out, and what steps should administrators take to protect citizen data?

How Hackers Choose Targets

While some cybercriminals seek out exploits for the sole purpose of causing destruction or frustration, the majority of hackers are looking to make money. Their aim is to locate organizations with poor security practices so that they can infiltrate their networks and online systems. Sometimes hackers will actually hide inside of a local network or database for an extended period of time without the organization realizing it.

Hackers usually cash in through one of two ways. The first way is to try to steal data, like email addresses, passwords, and credit card numbers, from an internal system and then sell that information on the dark web. The alternative is a ransomware attack, in which the hacker holds computer systems hostage and unusable until the organization pays for them to be released.

City and town governments are becoming a common target for hackers because they often rely on outdated legacy software or else have built tools internally that may not be fully secure. These organizations rarely have a dedicated cybersecurity team or extensive testing procedures.

The Basics of Ransomware

Ransomware attacks, like the one which struck the city government of Riviera Beach, can begin with one simple click of a dangerous link. Hackers will often launch targeted phishing scams at an organization's members via emails that are designed to look legitimate.

When a link within one of these emails is clicked, the hacker will attempt to hijack the user's local system. If successful, their next move will be to seek out other nodes on the network. Then they will deploy a piece of malware that will lock all internal users from accessing the systems.

At this point, the town or city employees will usually see a message posted on their screen demanding a ransom payment. Some forms of ransomware will actually encrypt all individual files on an operating system so that the users have no way of opening or copying them.

Ways to Defend Yourself

Cybersecurity threats should be taken seriously by all members of an organization. The first step to stopping hackers is promoting awareness of potential attacks. This can be done through regular training sessions. Additionally, an organization’s IT department should evaluate the following areas immediately.

  • Security Tools: City governments should have a well-reviewed, full-featured, and updated virus scanning tool installed on the network to flag potential threats. At an organization level, firewall policies should be put in place to filter incoming traffic and only allow connections from reputable sources.
  • Web Hosting: With the eternal pressure to stick to a budget, cities often choose a web host based on the lowest price, which can lead to a disaster that far exceeds any cost savings. In a recent comparison of low cost web hosts, community-supported research group Hosting Canada tracked providers using Pingdom and found that the ostensibly “free” and discount hosts had an average uptime of only 96.54%.For reference, 99.9% is considered by the industry to be the bare minimum. Excessive downtime often correlates to older hardware and outdated software that is more easily compromised.   
  • Virtual Private Network (VPN): This one should be mandatory for any employee who works remotely or needs to connect to public wi-fi networks. A VPN encodes all data in a secure tunnel as it leaves your device and heads to the open internet. This means that if a hacker tries to intercept your web traffic, they will be unable to view the raw content. However, a VPN is not enough to stop ransomware attacks or other forms of malware. It simply provides you with an anonymous IP address to use for exchanging data.

Looking Ahead

Local governments need to maintain a robust risk management approach while preparing for potential attacks from hackers. Most security experts agree that the Riviera Beach group actually did the wrong thing by paying out the hacker ransomware. This is because there's no guarantee that the payment will result in the unlocking of all systems and data.

During a ransomware attack, an organization needs to act swiftly. When the first piece of malware is detected, the infected hardware should be immediately shut down and disconnected from the local network to limit the spread of the virus. Any affected machine should then have its hard drive wiped and restored to a previous backup from before the attack began.

Preparing for different forms of cyberattack is a critical activity within a disaster recovery plan. Every organization should have their plan defined with various team members assigned to roles and responsibilities. Cities and towns should also consider investing in penetration testing from outside groups and also explore the increasingly popular zero-trust security strategy as a way to harden the network. During a penetration test, experts explore potential gaps in your security approach and report the issues to you directly, allowing you to fix problems before hackers exploit them.

Final Thoughts

With ransomware attacks, a hacker looks to infiltrate an organization's network and hold their hardware and data files hostage until they receive a large payment. City and town government offices are becoming a common target for these instances of cybercrime due to their immature security systems and reliance on legacy software.

The only way to stop the trend of ransomware is for municipal organizations to build a reputation of having strong security defenses. This starts at the employee level, with people being trained to look for danger online and learning how to keep their own hardware and software safe.

About the author: A former defense contractor for the US Navy, Sam Bocetta turned to freelance journalism in retirement, focusing his writing on US diplomacy and national security, as well as technology trends in cyberwarfare, cyberdefense, and cryptography.

 

Possibly Related Articles:
25211
Security Awareness
Risk Management Ransomware security defenses zero-trust security city government
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.