Over the course of the 2010s, ransomware attacks on city and state governments have increased in number and effectiveness. The lack of proper cybersecurity measures has highlighted a weakness in the US’s preparedness and ability to protect government data.
The potential harms go beyond financial exploitation of our government, considering that ineffective cybersecurity seems to be widespread. Enacting sound cybersecurity policy is key to protecting our government’s resources and data, as well as improving the trust we have in our institutions.
Ransomware Attacks On US Cities
A basic definition of a ransomware attack would be:
“A bad actor gaining access to an organization’s network and distributing malware that blocks access to data unless a ransom is paid.”
This is often accomplished through phishing, but can also be done by analyzing and exploiting cybersecurity gaps. Something as innocuous as an employee clicking the wrong email link can plunge the entire organization into chaos.
A successful ransomware attack was executed against the city of Atlanta in 2018. The resulting damage was an estimated $17 million in total recovery cost to re-establish the network, in addition to the loss of years of police dashcam footage that would assist in DUI prosecutions.
This was one of the most publicized attacks. Attackers often target small to mid-sized cities because they have fewer resources invested in cybersecurity. There have been 169 catalogued ransomware incidents since 2013, but this is not a complete list, since some attacks are not publicly reported.
If there is a theme behind the many attacks occurring on US municipalities, it is that they are opportunistic. Cybercriminals will analyze vast numbers of municipal IP addresses to determine which are the most vulnerable and worth attacking.
Now it may seem obvious that the incentive for cybercriminals is financial in nature, so they will target cities that have ample resources and weak cybersecurity. This would be wrong. A study by Recorded Future found that only 17% of ransomware attacks resulted in a ransom payment.
Of course, many do target municipalities for ransom payments, but there are other motives. One is selling access to compromised networks on large underground markets. Another is to advertise the effectiveness of a brand of malware and sell that malware for others to use. Even if the government does not pay, many cybercriminals have means to benefit financially from a successful attack.
The Effects Of Ransomware Attacks
The Financial Impact of Ransomware
The “ransom” of ransomware is the most visible financial detriment that results from an attack. Often the ransom is requested in the form of Bitcoin or another untraceable digital currency. But, as discussed previously, the majority of ransoms are not paid. While governments may not be paying, they do incur a huge cost as a result of an attack.
If an organization opts not to pay the ransom, it is still obligated to try to recover its encrypted data (Note: Even if the ransom is paid, it is not guaranteed that the attacker will decrypt the data). The cost to recover can be immense, and it comes on top of the upgrades many organizations make to their cybersecurity to be better prepared in the future.
For example, the city of Atlanta incurred costs of up to $17 million to recover files and update their cybersecurity, when the original ransom was $76,000. While some might not agree with paying off attackers, the exponentially higher cost should be factored into the decision.
Public Perception of Cybersecurity
As the number of confirmed ransomware attacks continues to increase, the public trust in our institutions’ security begins to wane. When discussing the 2020 elections, a survey of American voters found that 87% viewed cybersecurity as a priority, and only 51% felt the government was adequately addressing cyber threats.
The harm that cyber threats could inflict on the US is not lost on its people. While attacks have primarily focused on city governments, the implication is present that the attacks could spread to other institutions. Things like Medicare, Social Security, and our elections could become the next targets.
The FBI report of 2016 election meddling by Russia is at the forefront of many people’s minds going into the 2020 elections, and major threats do exist. As voting becomes more technology-reliant, the risk that ransomware could disrupt voter databases continues to rise. A well-orchestrated attack could make it difficult to confirm who has voted and if they voted in the correct district, as well as hamper the ability to judge the results as fair.
Institutional Disruption of Ransomware
Ransomware attacks that encrypt data for ransom are particularly devastating to government institutions because they typically need immediate access to files and data. The urgency to quickly recover from the attack creates an incentive to put the incident behind them.
If the data cannot be recovered, the effects can be widespread and unpredictable. Institutions can lose control of confidential information like Social Security numbers and credit information.
An attack can also have significant operational impacts. If a municipality has its digital assets shut down, it could be forced to switch to pen and paper to continue its functions. In Baltimore in 2019, the city’s 911 system was affected for 22 hours. Public safety officers had to rely on manual dispatching, but some calls were inevitably missed or delayed.
Improving Your Defense Against Ransomware
Regardless of whether you think your organization is a target, there are certain vulnerabilities present in a majority of networks that could be improved. Cybercriminals can scan and assess thousands of IPs to determine if any is a target, so you should be operating under the assumption that your network is always being scouted for weaknesses.
Outside actors are able to locate weak points in the network infrastructure and find an exploit. This could mean credentials have been compromised, your email security is lacking, or organization members are not following best practices.
Cloud-based solutions are a low-cost and effective way to improve network security. They tend to be much easier to use than on-premises infrastructure, and the setup and long-term maintenance are more manageable.
An advantage of choosing cloud services is that they beef up your device identification, authentication security, and access management. When you have full control over who has access to the network and the authentication method is secured, it is far more difficult to gain unauthorized access.
SecureW2’s certificate solutions are tailor-made to give full access management control to the network administrators. Rather than using highly vulnerable credentials, certificate-based authentication ensures that no one without a certificate on their device can access the secure network. Our JoinNow onboarding solution simplifies the certificate enrollment process to a couple of simple steps. Once equipped, certificates cannot be transferred or stolen, and do not expire regularly the way passwords do under reset policies.
Certificates are embedded with user and device identity information, vastly improving your overall network visibility. They can also be set with comprehensive group policies that allow admins to dictate which users should have access to which applications or files. Our private PKI is available to any customer and ensures that no unapproved users can obtain a certificate.
While the network is protected by certificate security, there is still one vulnerability in the network that no software can fully protect: your users. People are almost always the weakest part of a cybersecurity system, so solutions like certificates that reduce the user’s security role are highly effective.
To protect the organization from social engineering attacks like phishing, hosting regular cybersecurity best practices meetings can make a huge difference. Tips such as being wary of unrecognized emails, using secure communication methods, and backing up files will equip your users to be the network defense you need.
Protect Against Ransomware With Certificates
Working online is vital for most organizations, government included. But the risks involved are often not properly addressed, and when cybersecurity becomes lax, the consequences can be serious.
The financial toll of an attack can be massive, and the impact on the public trust is even more alarming. People want to trust that their government is operating to safeguard their interests. Navigate to SecureW2’s pricing page to see if our cost-effective certificate solutions can protect your network.