Ransomware continues to be a nightmare for individuals and businesses worldwide – but in the U.S., municipal government offices increasingly seem to be the target of choice for cybercriminals.
The city of Riviera Beach, Florida made news recently when it announced it was paying approximately $600,000 in ransom to undo a ransomware attack it suffered in late May. While not usually advised by law enforcement and security companies, city officials concluded that there was no other way to recover the files so the decision was made to pay the ransom.
Handing over 65 bitcoins doesn’t guarantee that their data will be restored, though. When Palm Springs in Palm Beach County was hit in 2018, officials paid an undisclosed ransom but still lost two years of data. In fact, less than half of those who pay a ransom ever regain access to their data.
In addition to the ransom paid, Riviera Beach also invested more than $900,000 into new hardware in the hopes that they do not have the same vulnerabilities as the old ones. That’s $1.5 million in damages from one attack.
Unfortunately, it sounds like city officials could have avoided making this payment and additional investment if they had followed some basic data protection strategies.
Costly attack
In the case of Riviera Beach, there was more to the attack’s success than an unpatched software vulnerability. Based on news reports, it seems that proper backups of the city’s data were never made, the government offices weren’t using the best anti-malware protection, and human error played a big role.
Put another way: someone in the police department opened a malicious email attachment that eventually locked files and shut down all of the city's services, causing more than $1.5 million in damages so far.
More than three weeks later, no computer systems are working properly, crippling the government offices. The city’s website and email are partially working, as are the finance department and water utility – but many other services are still offline.
The latest in a string of ransomware attacks
This is just the most recent case where a government office paid a ransom out of desperation. In March, officials in Jackson County, Georgia paid hackers $400,000 to regain access to their files.
During the past two years, more than 50 cities across the U.S. have been victims of ransomware attacks, including Atlanta, GA; Baltimore, MD; Greenville, NC; Albany, NY; Imperial County, CA; Cleveland, OH; Augusta, ME; and Lynn, MA. Even transportation services that are related to municipal government – like the Port of San Diego – have been targeted.
Ransomware still accounts for nearly 24% of malware incidents, according to Verizon's 2019 Data Breach Investigations Report (DBIR).
Time to learn the lesson (again)
While not every attack will be costly as much as the Riviera Beach or Atlanta attacks, the fact that these costs could be avoided is disturbing. First, continuous cybersecurity training of personnel to reinforce best practices of avoiding attacks on public computer systems would help avoid infection, meaning no ransom would need to be paid.
In addition, deploying a proper backup solution like Acronis Backup that includes an integrated anti-ransomware defense would help ensure an organization has a safe copy of their data. In the case of Riviera Beach, even a simple backup could restore their machines in a matter of several days if not faster.
Add the layer of a proactive, AI-enabled technology like Acronis Active Protection, and the incident may not happen at all since the attack would be detected and stopped in real time and affected files would be restored back in a matter of seconds. Acronis Active Protection deals extremely well with unknown, zero-day threats – an important consideration as more and more ransomware strains are crafted specifically for the chosen victim.
Final thought
Ransomware continues to threaten municipalities, companies, and individuals. In addition to deploying a complete cyber protection solution like Acronis Backup, there are simple security rules we’ve recommended for years that shouldn’t be overlooked.
- Install software patches regularly to fix vulnerabilities
- Activate a quality anti-malware solution
- Replace outdated and unsupported operating systems
- Train your personnel on security awareness regularly
Try Acronis Backup free for 30 days to see what true cyber protection looks like.
Already using Acronis Backup? Don’t forget to activate Acronis Active Protection to benefit from its anti-ransomware defense.
About Acronis
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.