Municipalities in California, Florida, Maine, New York, and North Carolina were victims of ransomware attacks in the month of April. The financial constraints placed on a city’s ability to spend money on cybersecurity coupled with internet-delivered city services and the data stored in a city’s systems make municipalities the perfect target for ransomware attacks.
Five Cities Hit by Ransomware Attacks in April
Imperial County, Calif.; Stuart, Fla.; Augusta, Maine; Albany, N.Y.; and Greenville, N.C. were all either shut down from new ransomware attacks or struggling to recover from an older incident.
- Imperial County, California and Stuart, Florida – Imperial County and Stuart were both hit by Ryuk ransomware, which is designed to target enterprise environments, forcing its website to go dark and causing some city systems to malfunction, including a number of departments’ phone lines. Imperial’s network was offline for over five days while Stuart is still trying to recover from the ransomware attack. The attack has caused workers to use their personal email as well as Facebook accounts to communicate with residents.
- Augusta, Maine – Augusta City Center operations were closed after being hit with malware, which is assumed to be ransomware, on April 18th. According to city officials, the malware gained entry into the network in an unknown fashion and then methodically locked up endpoints and servers. The attack has affected the police dispatch system, the municipal financial systems, billing, automobile excise tax records, assessor’s records, and general assistance.
- Albany, New York – In the first week of April, the City of Albany was hit but an unknown ransomware attack that crippled the city’s police department and City Hall networks. The police department’s scheduling system, incident, and crime reports were all inaccessible while City Hall was unable to access residents’ birth certificates, death certificates or marriage licenses. While the ransomware attack caused inconveniences for the police department and city residents, it appears no personally identifiable information was compromised during the attack.
Why Municipalities Continue to be Targeted by Ransomware Attacks
Internet-Delivered City Services
If you take a walk downtown and your city has parking meters, chances are you will be able to use your credit or debit card to pay for parking. This is simply one example of how cities are getting more and more involved with IP-based activities to deliver services to residents. However, this also gives attackers more opportunities to engage in malicious behavior.
“I would say there are a couple of big pressures that I think are relevant to most industries, but state and local governments are also exposed to it,” says Chris Kennedy, CISO at AttackIQ. “First and foremost is the rapid expansion and availability of technology capabilities.”
Data Stored in City Systems
State and local governments offer a wealth of information on its citizens. Cybercriminals want to take advantage of that collection of information to commit fraud or sell it on the dark web.
“Most people don’t realize cities have massive amounts of data. It’s amazing the different types of data that they have,” says Gary Hayslip, CISO for security firm Webroot. “…They have everything from permits to people paying their water bills to parking tickets to whatever… U.S. cities are very, very similar to large multinational businesses.”
Financial Constraints
While U.S. cities can be compared to large multinational businesses as far as data is concerned, a city’s cybersecurity budget unfortunately doesn’t compare. First and foremost, cybersecurity can become an overwhelming problem for cities as most are understaffed in that department. Furthermore, the limited budget forces municipalities to outsource their cybersecurity. When cybersecurity becomes outsourced, it comes down to how well these contractors are managed which is often a difficult task in itself.
To make matters more difficult, technology refresh cycles are becoming shorter and shorter each year. The typical refresh cycle is about 18 months, and whether it’s due to workforce or budgetary constraints, cities can’t keep up.
“In a business, you can do rip and replace. You can go ahead and say we’re going to be down and we’re going to stand up a parallel data center, and we’re going to flip over and rip out all this stuff and then go on about our business,” says Kennedy. “That’s very hard to do when you have citizens that are riding on the services that you provide and don’t like to have their services interrupted.”
Based on the activity we saw in April, ransomware attacks on municipalities aren’t going away. Fortunately, we have you covered on how to budget for cybersecurity for the coming years.