Tuesday, June 4, 2019

Ransom, Where?



“The City of Baltimore is currently unable to send or receive email. If you need assistance, please call the department you wish to contact.”
Big companies and little consumers. Hospitals. After massive ransomware cyberattacks in 2016 and 2017 against U.S. and U.K. hospitals, eradicating patient records and treatment plans, putting patient lives very much at risk, the healthcare community was forced to find the money to upgrade their antiquated computer systems. But now… there’s a new favored target.
Municipal governments. And they pay. Boy do they pay. “Targeted ransomware attacks on local US government entities -- cities, police stations and schools -- are on the rise, costing localities millions as some pay off the perpetrators in an effort to untangle themselves and restore vital systems.
“The tally by cybersecurity firm Recorded Future -- one of the first efforts to measure the breadth of the assaults -- found that at least 170 county, city or state government systems have been attacked since 2013, including at least 45 police and sheriff's offices.
“The firm compiled all known instances of ransomware infections of local government systems, a type of cyberattack that encrypts a computer's files, where the attacker demands payment -- usually in bitcoin -- for a key to unlock them… The federal government and the FBI do not track the attacks nationwide.” CNN.com, May 10th. Twenty-two attacks just this year.
With austerity measures still the rule – after all, rich folks need to keep their taxes low – it is often these local governments that get hit and hit again. They have old computers, don’t have funds to support the state-of-the-art cybersecurity/mirroring backup systems that can stop hi-tech criminals, and have Websites that are fairly accessible to the general public.
For those unwilling to pay the extortion price to restore their systems, the costs can be even higher. Reaching back to printed files, the unaffected computers in the system (generally not connected to the Web) and personal memory can take more personnel time, more work, than simply paying the ransom demand. Chaos is expensive. As noted, even local police records can be trashed and lost, a horrible reality to those smaller communities that actually do not have sufficient funds to pay the extorted sum.
Baltimore is a recent case in point. Not just a part of their online system… all of it. That quote above is quite real. Steven Melendez, writing for the May 24th FastCompany.com, explains: “That comes after the city’s computer network was struck by a massive ransomware attack that Mayor Bernard ‘Jack’ Young said on May 17 could take months to fully recover from.
“‘We don’t have any [recovery] date as of now,’ says James E. Bentley II, press secretary in the mayor’s office. ‘They’re just working around the clock to secure the environment, and then once they are certain that they have a secure environment, they’re going to start working incrementally to bring applications and email back online.’
“The hack, first discovered on May 7, also interfered with real estate sales in the city since officials couldn’t verify that sellers didn’t have outstanding liens on their properties. The city has since introduced a new procedure effectively letting sales resume if sellers pledge to pay any outstanding debts on their properties. The attack also shuttered a “bad batch” warning system that lets drug users and healthcare workers know when there are especially deadly drugs being sold in the area, The Baltimore Sun reports, and made it impossible for residents to pay water bills and parking tickets online.
“The city government has so far refused to pay a 13-Bitcoin, or roughly $100,000, ransom demand that the attackers have claimed would let the city unlock files encrypted by the attack, which used a malware variant nicknamed RobinHood to encrypt city data.
“It’s not the first time government computers have been struck by ransomware—Albany, New York, suffered brief digital disruptions in April after a similar attack, and Atlanta reportedly took months and spent millions of dollars to recover from such an attack last year, allegedly the work of Iranian hackers. And experts warn that such hacks on government systems could continue, with municipalities in particular often struggling to keep up with the demands of cybersecurity.
“‘Security budgets overall are being cut for a lot of state and local governments, which means that they tend to be more susceptible to these kinds of attacks because they don’t have the budget for protecting themselves that say a bank does or a hospital does or a manufacturing plant does,’ said Allan Liska, an intel analyst at security firm Recorded Future, which recently published a report on ransomware and government computers.
“Online criminals don’t always set out to target local agencies in particular, but it’s possible that they see such targets as potentially lucrative due to the publicity hacks on them, he suggests in the report. While he estimates that government agencies are less likely to pay ransoms than other targets, it’s not unheard of for them to do so—Newark, New Jersey, reportedly paid about $30,000 in ransom after its computers were allegedly hijacked in 2017 by the same men accused in the Atlanta attack. Liska estimated in his report that there were 38 reported ransomware attacks on city and state governments in 2017, 53 in 2018, and 21 in the first three months of 2019… ‘We’re on pace to exceed last year’s,’ he warns.”
Cities need to redesign their systems so that internal devices and those exposed to the public are not linked together. Access to those internal systems needs to be severely limited and controlled. Thus, infected systems can be walled off. Sharing security data with other cities and states is also helpful in making sure cyber defense designs are kept up to date. Finally, maintaining constant and very separate backup systems is beyond essential.
Baltimore is a big, very visible city that has taken pride in its high-tech “smart city” initiatives. And yet they were unprepared. “‘I think this is a wake-up call, obviously,’ says [Francis Dinha, CEO and cofounder of OpenVPN]. ‘A lot of these hackers and bad actors are getting smarter and smarter.’” FastCompany.com. Some of this activity comes from malevolent foreign governments. Most of it, however, comes from sophisticated cyber criminals out to make an easy, not-so-risky, buck.
I’m Peter Dekom, and the ability for criminals to maintain online anonymity, operate offshore and deal in untraceable virtual currencies is a threat that demands high priority attention.
