Local governments rarely prepare for a cyber attack, nor do they have a disaster recovery plan, which makes them vulnerable to ransomware attacks. Cybercriminals will attack nearly four out of 10 public-sector networks this year using ransomware.
Ransomware is truly dangerous. Cybercriminals will take files, and then encrypt them. Once encrypted, there is nothing that a municipality can do; the only option is to pay the ransom and receive a decryption key. Municipalities that don’t pay lose their files.
Few small towns have the resources to make cybersecurity a priority; there are no policies, no procedures and no recovery plans in place. Cyber criminals will adjust their ransom demand to the municipality’s population, figuring that small towns and cities wouldn’t have access to too much money. The small city of Cockrell Hill, Texas refused to pay a $4,000 ransom in 2017 and lost police files dating back to 2009.
Cybercriminals generally ask the municipality to pay the ransom in Bitcoin. Criminals love the cryptocurrency. Payments made in Bitcoin are untraceable and municipalities can’t reverse the payment. To make it easier for small towns that are unfamiliar with using a virtual currency, the file kidnappers include instructions on how to pay the ransom. They show the municipality to create a virtual wallet and buy Bitcoins.
Since there is no guarantee of getting the files back, the Federal Bureau of Investigation tells victims of ransomware not to pay the ransom to get a decryption key. While this does happen, ransomware wouldn’t continue to work unless cybercriminals provided the description key to release the files at least some of the time. Organizations that do pay may go on a list circulated by cybercriminals as known payers.
Anyone housing a grudge against their local government can buy a ransomware kit online and start disrupting their town without any programming skills. While a custom ransomware kit can cost up to $3,000, many are much lower in price.
While hiring an in-house cybersecurity specialist isn’t in the budget of small towns, backing up data with high-level encryption cloud storage or using external devices, such as external hard drives that are disconnected from the computer after the day’s backup, usually are affordable. Additionally, most governments insist that municipal employees use strong passwords as well; this tactic comes at no additional cost and is very easy to execute.
As a local government official, I find it very important to keep my city, and its citizens, safe.