After a tremendous spike in ransomware attacks in 2019, city and state governments are faced with new cybersecurity questions. File Photo by Markus Spiske/Pixabay
Jan. 9 (UPI) -- After numerous costly cyberattacks against cities, towns and court systems worldwide in 2019, digital security is now an even greater -- and costlier -- priority for municipal entities at the start of a new decade.
Dozens of governments were confronted with serious ransomware attacks last year, and researchers observed significant growth in destructive malware. Cities like Baltimore and Greenville, N.C., were targeted in 2019 and saw critical systems crippled for most of the year. Most still haven't fully recovered.
Security experts from antivirus provider Kaspersky said at least 174 municipal institutions with more than 3,000 subset organizations were targeted by ransomware throughout 2019 -- a 60 percent increase from 2018. Additionally, IBM reported that destructive malware attacks that delete data from target computers rose by 200 percent over the first half of the year.
The attacks shuttered government systems for extended periods of time, and, for those that paid the ransom, cost cities hundreds of millions of dollars to recover data and strengthen digital infrastructure.
Now, at the start of a new decade, the surge of ransomware attacks have forced municipalities into a grim scenario -- pay to beef up their digital security, or risk having to pay the hackers.
Cybersecurity expert Jacob Doiron, an information systems lecturer at San Diego State University, said government entities, healthcare institutions and school districts are some of the most common targets for these kinds of attacks because they have important data but often don't properly focus their budget on addressing IT and security needs.
"A lot of the time criminal agents or cyber actors know that the services they're providing are critical so they're more willing to pay," he said. "Because at the end of the day, this is a criminal enterprise, and there's a profit motive that's generating all of this stuff."
Last summer, two small cities in Florida agreed to pay hackers ransoms totaling more than $1 million, hoping to quickly regaining control of their hijacked files -- which experts say is a risky endeavor because there's no guarantee they'll actually recover.
Christopher Scott, global lead for IBM X-Force's remediation services, said the decision to pay ransoms should ultimately boil down to weighing whether they can risk their systems being offline for an extended period of time.
"If you have all of this information that's inaccessible, and you can't run your business without it -- [and] have thousands of people who could lose their job if you don't pay ... you're going to pay that ransom," he said.
Doiron warns, however, that paying off cybercriminals creates a self-fulfilling cycle.
"Even though they've paid the ransom, all they're doing now is paying into that system and making it more profitable," he said. "So these bad actors are more likely to carry out this type of behavior."
Scott and Doiron said RYUK and MegaCortex were some of the most commonly deployed forms of malware for larger targets last year. Additionally, they said, such ransomware schemes are most commonly distributed through "phishing" campaigns that con unsuspecting employees into giving hackers access by clicking on a dubious link.
"These smaller attacks are more scattershot blanket attacks where they're just trying to see who falls for it," Doiron said. "That's often more effective against governments, healthcare or public institutions.
"[For] larger companies that would pay out more, it takes a little more sophistication to get in."
Scott said the best way to prevent repeat attacks in 2020 is to isolate data backups, protect security credentials and install multiple layers of defense to isolate individual computers.
"At some point, you're going to get a spearfish that's well crafted enough that someone is going to click it," he said. "Losing one machine to an attacker is different than losing an entire environment.
"That's really what the focus has to be on -- focusing on detecting early and responding quickly."
