It is becoming fairly common that small city or municipalities are the most profitable victims of cyber threats and cyber attacks using their ransomware campaigns. Here, we have featured at least two cities that were victims of ransomware infection, Riviera City (Florida) and Baltimore (Maryland). The city councils of both cities decided to pay the cyber crooks the ransom money in a desperate attempt to restore the encrypted files from the city’s workstations and servers.
Many local governments clearly operate their computing infrastructure lacking cybersecurity awareness, let alone defenses. These entities are living examples of “if it ain’t broke, don’t fix it” principle when it comes to software and hardware lifecycles. Hence, as long as the hardware has not broken down, it will never be replaced. The same way as the software they use on the same machine, they continue working beyond the supported status. The bad combination of old unsupported hardware and old discontinued software is a recipe for cyber attacks and cyber threats for anyone that uses the computer for any Internet-related activity.
“To stay one step ahead, we must look at these attacks and question if they are more than what they seem. “Could these attacks be a dress rehearsal for larger scale, potentially more detrimental attacks? We don’t have the evidence to prove that yet, but we have to be prepared that it may well be the case either now or in the future,” emphasized Troy Gill, AppRiver’s Senior Cybersecurity Analyst.
One thing is for sure, municipalities and small cities collect taxes and definitely generates money on their own. Hence, they are “rich enough” to afford $100,000 to around $300,000 in cryptocurrency as the ransom payment when infected by ransomware. These same cities and municipalities have insurance coverage that they can rely on when it comes to certain emergencies. Some victim cities of ransomware in fact already utilized their respective insurance policies to pay the ransomware authors (any cyber threats or cyber attacks), in hopes of receiving the decryption key.
This action of paying for ransom is a direct opposition to what NBI has advised companies not to do, the law enforcement agency highlights that paying for ransom encourage for virus authors to develop more ransomware strains. NBI also highlights the possibility of victims paying for the ransom, but since they are dealing with cybercriminals, there is a possibility that the decryption key will never arrive even after paying for it.
What we recommend here is to only use supported software under a fairly modern hardware with a mandatory backup procedure for all users. Unlike the ‘90s to early 2000’s, the cloud-storage service is a dime-a-dozen these days, many of them are even free to use up to a certain capacity/transfer rate.
Microsoft, Google, Apple, Dropbox, Amazon, and the list of top vendors continue to grow when it comes to cloud storage service availability. We can also now ignore the existence of lesser-known, but also reliable secondary and tertiary cloud-storage services that are cheaper and may perform better at your geographic location. With the commoditization of cloud-storage, performing file backup can be done in an automated way without the need for users to manually intervene. Restoration can also be performed every time, as client software is usually required to perform both backup and restoration (not through Windows Explorer), even ransomware running in the machine cannot detect the cloud storage.