Tuesday, June 4, 2019
Ransom, Where?
“The City of Baltimore is currently unable to send or receive email.
If you need assistance, please call the department you wish to contact.”
Big companies and little consumers. Hospitals. After massive ransomware cyberattacks in 2016
and 2017 against U.S. and U.K. hospitals, eradicating patient records and
treatment plans, putting patient lives very much at risk, the healthcare
community was forced to find the money to upgrade their antiquated computer
systems. But now… there’s a new favored target.
Municipal governments. And they pay. Boy do they pay. “Targeted
ransomware attacks on local US government entities -- cities, police stations
and schools -- are on the rise, costing localities millions as some pay off the
perpetrators in an effort to untangle themselves and restore vital systems.
“The tally by cybersecurity firm Recorded Future -- one of the first
efforts to measure the breadth of the assaults -- found that at least 170
county, city or state government systems have been attacked since 2013,
including at least 45 police and sheriff's offices.
“The firm compiled all known instances of ransomware
infections of local government systems, a type of cyberattack that encrypts a
computer's files, where the attacker demands payment -- usually in bitcoin --
for a key to unlock them… The federal government and the FBI do not track the
attacks nationwide.” CNN.com, May 10th. Twenty-two attacks just this year.
With austerity measures still the rule – after all, rich
folks need to keep their taxes low – it is often these local governments that
get hit and hit again. They have old computers, lack the funds to support the
state-of-the-art cybersecurity and mirrored backup systems that can stop hi-tech
criminals, and run websites that are fairly accessible to the general public.
For those unwilling to pay the extortion price to restore
their systems, the costs can be even higher. Reaching back to printed files,
the unaffected computers in the system (generally not connected to the Web) and
personal memory can take more personnel time, more work, than simply paying the
ransom demand. Chaos is expensive. As noted, even local police records can be
trashed and lost, a horrible reality to those smaller communities that actually
do not have sufficient funds to pay the extorted sum.
Baltimore is a recent case in point. Not just a part of
their online system… all of it. That quote above is quite real. Steven
Melendez, writing for the May 24th FastCompany.com, explains: “That comes after
the city’s computer network was struck by a massive ransomware attack that
Mayor Bernard ‘Jack’ Young said on May 17 could take months to fully recover
from.
“‘We don’t have any [recovery] date as of now,’ says James
E. Bentley II, press secretary in the mayor’s office. ‘They’re just working
around the clock to secure the environment, and then once they are certain that
they have a secure environment, they’re going to start working incrementally to
bring applications and email back online.’
“The hack, first discovered on May 7, also interfered with
real estate sales in the city since officials couldn’t verify that sellers
didn’t have outstanding liens on their properties. The city has since
introduced a new procedure effectively letting sales resume if sellers pledge
to pay any outstanding debts on their properties. The attack also shuttered a
‘bad batch’ warning system that lets drug users and healthcare
workers know when there are especially deadly drugs being sold in the
area, The Baltimore Sun reports, and made it impossible for residents
to pay water bills and parking tickets online.
“The city government has so far refused to pay a 13-Bitcoin,
or roughly $100,000, ransom demand that the attackers have claimed would let
the city unlock files encrypted by the attack, which used a malware variant
nicknamed RobinHood to encrypt city data.
“It’s not the first time government computers have
been struck by ransomware—Albany, New York, suffered brief digital disruptions
in April after a similar attack, and Atlanta reportedly took months and spent
millions of dollars to recover from such an attack last year, allegedly the
work of Iranian hackers. And experts warn that such hacks on government systems
could continue, with municipalities in particular often struggling to keep up
with the demands of cybersecurity.
“‘Security budgets overall are being cut for a lot of state
and local governments, which means that they tend to be more susceptible to
these kinds of attacks because they don’t have the budget for protecting
themselves that say a bank does or a hospital does or a manufacturing plant
does,’ said Allan Liska, an intel analyst at security firm Recorded Future,
which recently published a report on ransomware and government computers.
“Online criminals don’t always set out to target local
agencies in particular, but it’s possible that they see such targets as
potentially lucrative due to the publicity hacks on them, he suggests in the
report. While he estimates that government agencies are less likely to pay
ransoms than other targets, it’s not unheard of for them to do so—Newark, New
Jersey, reportedly paid about $30,000 in ransom after its computers were
allegedly hijacked in 2017 by the same men accused in the Atlanta attack. Liska
estimated in his report that there were 38 reported ransomware attacks on city
and state governments in 2017, 53 in 2018, and 21 in the first three months of
2019… ‘We’re on pace to exceed last year’s,’ he warns.”
Cities need to redesign their systems so that internal
devices and those exposed to the public are not linked together. Access to
those internal systems needs to be severely limited and controlled. Thus,
infected systems can be walled off. Sharing security data with other cities and
states is also helpful in making sure cyber defense designs are kept up to
date. Finally, maintaining constant and very separate backup systems is beyond
essential.
Baltimore is a big city, a very visible one that has taken pride in
its high-tech “smart city” initiatives. And yet they were unprepared. “‘I think
this is a wake-up call, obviously,’ says [Francis Dinha, CEO and cofounder of
OpenVPN]. ‘A lot of these hackers and bad actors are getting smarter and
smarter.’” FastCompany.com. Some of this activity comes from malevolent foreign
governments. Most of it, however, comes from sophisticated cyber criminals out
to make an easy, not-so-risky, buck.
I’m Peter Dekom, and the ability of criminals to maintain online anonymity, operate offshore
and deal in untraceable virtual currencies is a threat that demands high
priority attention.