It can happen to anybody. You get a disk on key or an email with some photos, you get curious about the content, you open the file… and you unknowingly give hackers access to your organization. It happens in the most senior levels of the organization, as well as in municipalities in charge of tens or hundreds of thousands of lives.
The FBI and Homeland Security believe that, on May 29, 2019, it happened at the police department at Riviera Beach, Florida, according to the Palm Beach Post. “Someone in the police department… opened an email that unleashed a virus that paralyzed the city’s computer system, sending all of the city’s operations offline… [Consequently,] the city… has been operating as it did in the pre-Internet age… No email. Paper payroll checks. Handwritten traffic tickets,” the Palm Beach Post reported.
The way back to the 21st century? The city will pay around $600,000 to hackers in hopes to regain access to its own system – and it’s not the only one.
Almost 200 Attacks on Municipality Systems, and the Pace is Increasing
Research shows that “at least 170 county, city or state government systems have been attacked since 2013, including at least 45 police and sheriff’s offices,” reported CNN in May 2019, adding that “there have been 22 known public sector attacks so far in 2019, which would outpace 2018, and that does not take into account that attacks often aren’t reported until months or years after they’re discovered.
According to the Wall Street Journal, “municipalities… are less prepared than companies due to limited resources and difficulty competing for cybersecurity talent… They are also increasingly reliant on technology to deliver city services and some have aging computer systems.”
Therefore, repercussions are real, and expensive.
The Cost of a Cybersecurity Attack: Hundreds of Thousands of Dollars
When hackers take control of municipality systems, they often require a ransomware to be transferred in Bitcoin, so that it’s much more difficult to track them down. According to the New York Times, Bitcoin currency fluctuates extensively. When Baltimore, Maryland, was attacked in early May 2019, hackers demanded 13 Bitcoins to release all three hacked systems, which was then the equivalent of less than $75,000. Later in the month, reported the New York Times, the equivalent was $102,000. Baltimore refused to pay, even though it was expected to take months to recover otherwise.
Riviera Beach, on the other hand, agreed to pay 65 Bitcoins, the equivalent of around $600,000. Similarly, Lake City, Florida, agreed to pay 42 Bitcoin, the equivalent of $460,000, and let go its information technology manager in June 2019, reported Fox News. A Georgia county paid $400,000 in ransomware in March 2019, reported the Wall Street Journal.
These payments are unfortunate, and not just because of the taxpayer money and complete chaos for municipality employees and citizens, but especially since they could have been prevented in a much more cost effective, simple way.
The File Sanitizing Station that Will Prevent the Next Municipality Cybersecurity Attack
Denying access to computer systems is only one strategy hackers use in cyberattacks. Another known one is to insert malware into a system in order to access its data, without the organization ever finding out. In turn, that means a team member from one organization might not be aware that she or he is transferring malware via a removable device into another organization’s system.
One of the key reasons cybersecurity threats can enter a municipality’s organization so easily is that many municipalities don’t have systems in place to detect previously unknown or uncatalogued threats.
Modern malware prevention technologies perform file scanning and malware disarm before the file gets into the company network. The file sanitization can be done in multiple forms. For example, the odix kiosk can be placed at central office locations, where employees can go plug in removable media sources before plugging them to their own devices.
Using its patented military-grade content disarm and reconstruction (CDR) engine, the odix kiosk scans, disarms and rebuilds files into clean versions. Once it sanitizes them, it sends the safe copies to the users’ inboxes or back to a clean portable media. This entire process takes seconds, and completely neutralizes the threat of malicious manipulation.
Click here to request a demo, and together, we’ll protect your city, district or state.