8 Head-Turning Ransomware Attacks to Hit City Governments
Hackers know vulnerable systems when they see them, and they also know this: Many government systems are decades old, running Windows 7 and even Windows XP.
Hackers know vulnerable systems when they see them, and they also know this: Many government systems are decades old, running Windows 7 and even Windows XP. So it's no wonder the bad guys have been striking out against them with ransomware attacks in recent months.
Even school districts are getting hit, the most notable being the four districts that were attacked in Louisiana last month, prompting Gov. John Bel Edwards to declare a state of emergency.
To be sure, security teams can take some clear steps to stay secure and/or mitigate such attacks. Best practices include solid patch management, comprehensive phishing and email management education, and privileged access management, according to Phil Richards, CISO at Ivanti, who also advises reviewing the Center for Internet Security's 20 Controls. Additional guidance includes having good backups, reinforcing basic cyber awareness and education, and revisiting and refining cyber incident response plans.
But while an ounce of prevention is worth a pound of cure, attacks can't be fully prevented. The following slides review eight of the most high-profile ransomware cases to hit city governments since last fall.
Last month the Georgia court system was hit with a ransomware attack, resulting in at least part of its digital information systems being taken offline. Officials at the Administrative Office of the Courts confirmed the attack and said not all court systems were affected. As a precaution, the network was taken offline and the IT department worked with third parties to determine the nature of the attack.
The attack on the courts wasn't Georgia's first foray into a ransomware case. Back in March 2018, computer systems for the City of Atlanta were hit with ransomware, an attack that significantly disrupted city government operations and caused millions of dollars in losses. In that case, Atlanta refused to pay the $50,000 ransom and has since paid out millions to recover from the incident.
Dark Reading reported the news on July 1.
Following a ransomware attack in which Lake City, Florida, paid out $460,000, the city fired its director of information technology. The attack shut down the city's phones, servers, and email systems. The actual ransom was paid through the city's insurer, the Florida League of Cities. As of early July, the city was revamping its entire IT department to overcome the incident and setting up a system to ensure it doesn't happen again. As of late July, Mayor Stephen Witt reported that the decryption key has been working and the city's systems were fully up and running.
Dark Reading reported the news on July 2.
The City of Baltimore was hit with a major ransomware attack in the spring that locked down its servers, left the city's government without email and telecommunications, and disrupted real-estate transactions and bill payments. The city has kept the details of the May 7 attack largely under wraps over the past several weeks.
Meanwhile, some security experts obtained and studied samples of the so-called Robbinhood ransomware used in the attack, shedding some light on the code used in the devastating attack. Following the advice of the FBI, the city refused to pay the ransom. In a report published in Engadget, city officials estimated that the aftermath of the attack would cost the city $10 million, in addition to the $8 million lost while the city could not process payments.
Dark Reading reported the news on June 4.
In a rare move among state governments, Louisiana Gov. John Bel Edwards declared a state of emergency in late July following a series of attacks on three school districts around the state. A fourth attack on a school district also was reported on July 29. By issuing the formal declaration, the governor allocated resources from multiple statewide law enforcement, IT, and academic organizations to work on defense, analysis, and remediation efforts. These state agencies joined federal resources that had already been briefed, as well as local cybersecurity teams.
This is not the first time a state emergency declaration has been issued for cyberattacks. In 2016, then-Colorado Gov. John Hickenlooper declared a state of emergency because of attacks on that state's department of transportation.
Dark Reading reported the news on July 25.
City officials in Greenville, North Carolina, confirmed in early April that they were victims of the so-called Robbinhood ransomware, but few details were released. At the time of the attack, the city did not intend to pay the ransom and had brought in the FBI and outside security experts to help restore systems. Initially, all payments had to be made in cash, though residents needing to pay a parking or red light ticket could do so online via third-party vendors.
In a local TV report on April 25, the city confirmed it had resolved its ransomware issue without paying the ransom. Late last week, Brock Letchworth, the city's public information officer, confirmed the city resolved the issue by restoring backups to the day before the attack. He also confirmed the city was fully restored about three weeks after the initial attack was reported on April 10.
The incident was mentioned in a Dark Reading story about the Robbinhood ransomware on June 4.
Proof of ransomware's impact as a global threat became apparent in late July when Johannesburg's City Power, the municipal entity that delivers power to the South African financial hub, was hit with a ransomware attack that encrypted its network, databases, and applications. The attack prevented residents from buying electricity, uploading invoices, and accessing the City Power website. Officials said it also affected response time to logged calls, reporting that some of the internal systems to dispatch and order material were slowed down. Residents called a local radio station to say the attack had left them without power, Reuters reports.
The city, which owns City Power, said no personal data was compromised in the attack. Johannesburg joined a growing number of cities targeted with ransomware as criminals take aim at municipalities globally.
Dark Reading reported the news on July 25.
Last fall, West Haven, Connecticut, paid $2,000 to restore access to its computer system following a ransomware attack. West Haven officials said they paid the money to anonymous attackers via Bitcoin to unlock 23 servers and restore access to the city's systems. The attack disabled servers on a Tuesday morning; by the end of the next day, it was contained. At the time of the attack, city officials said there was no reason to believe data was compromised. Employee pay was not affected.