Health + Tech /19 Sep 2019

What You Should Know about State and Local Government Hacks

Hacks that affect state and local governments have been in the news more and more often. Cybercriminals view those entities as easy and lucrative targets, and they don’t seem likely to relent with these attacks anytime soon. Here are some things people should know about these government hacks.

Most of the Hacks Involve Ransomware

Ransomware is a type of malware that restricts a victim’s access to their files unless they agree to pay an amount that the hacker demands, but paying does not guarantee the hackers will restore access. Out of desperation, many state and local government authorities affected by these ransomware attacks decide to pay the ransom and hope for the best.

These cases are costly, even when victims decide not to pay. For example, in May 2019, hackers struck the city infrastructure in Baltimore, Md., and took down most of the associated computer systems. The hackers demanded tens of thousands of dollars. City officials didn’t pay up but alerted the FBI for further investigation.

Recently, the city voted to put $6 million toward beefing up its cybersecurity and obtaining insurance to help equip the city in case similar attacks happened in the future. Previous estimates noted that the total cost of recovering from the cyber attack would be more than $18 million from the lost and delayed revenue and the steps taken to make the systems less susceptible to cyber attacks.

More recently, the Rockville Centre school district in Long Island, N.Y., announced that it paid almost $100,000 to get its files back after a ransomware attack in July. It was one of several targeted facilities in four school districts. However, not all affected entities paid the ransom because some had their files backed up. A representative from the school district says it now has a decryption tool to restore access to the compromised data, but the recovery process is slow.

Some Areas Go Offline for Security

Once local or state governments get word of a threat or a successful attack, they tend to spread the word to organizations in the surrounding area. That happened recently when 23 entities in Texas got targeted in a ransomware scheme. After hearing the news, a city and county decided to take its network offline before hackers could strike.

Officials stressed that residents could still do things like call 911, pay taxes or fines and contact their offices by telephone. Citations and jail sentences also remained in effect. However, the city’s workers did not have access to their email, and people could not carry out credit card transactions at City Hall, for example.

Given how many people are dependent on their email accounts, it’s understandable this approach would slow down the workflow and make specific tasks more challenging to accomplish. But taking this proactive approach may be preferable to getting in a situation where authorities feel they have no choice but to pay any ransom.

The results of a newly published study from IBM Security showed that while 80% of the respondents worried about ransomware’s effect on cities, 60% did not want their tax dollars to go toward paying ransoms. The majority of those polled said they’d rather that victims of the government hacks wait and see how the ransomware plays out, rather than rushing to give in to the hackers.

A Variety of Risk Mitigation Strategies to Explore

There is no single guaranteed preventative measure against these attacks. That’s why government authorities must assess all possible weak points and how to deal with them. For a start, governments and their contractors must have the appropriate risk mitigation strategies in place.

For example, contractors must invest in the resources needed for self-assessments and use the results of those to demonstrate readiness to the governments that hire them.

Looking for risks and reducing them are crucial measures, but some governments also deem it necessary to purchase insurance to get protected. Sometimes, that happens once they see other affected authorities used their insurance to pay the ransom demands.

For example, the Rockville Centre school district did that, as did Lake City, Fla., which spent $470,000 of insurance coverage to satisfy the hackers.

The insurance company took care of communicating with the hackers and settling on the final amount paid. The bill to the city’s residents, through tax dollars spent, was only $10,000. That amount covered the deductible for the insurance plan.

However, cybersecurity analysts often insist that the best course of action to avoid government hacks, or indeed, any other kinds, is to deploy known and effective strategies to protect a network. For example, keeping systems updated and properly patched against vulnerabilities is an excellent first step. Training to help people spot the signs of suspicious emails could also help since the malware often gets distributed through email systems.

According to an article from The New York Times, a tool developed by the National Security Agency (NSA) is instrumental in these recent attacks. After getting stolen in 2017, the tool, known as EternalBlue, reportedly helped hackers carry out attacks from other nations, including Russia and China. Cybersecurity analysts now believe it’s a common denominator in these latest government hacks.

However, it seems impossible for local or state governments to approach federal authorities about this matter because the NSA refuses to acknowledge the loss of EternalBlue or make further comments about its whereabouts or use. For now, the correct thing for lower-level governments to do is to be aware that this tool exists and know that sources say hackers used it to orchestrate these newest attacks.

Prevention Is Better Than Scrambling to React to a Problem

Hackers typically like to plan the most damaging attacks possible and give them the highest likelihood of lucrative results. Unfortunately, many local and state authorities have far fewer strategies in place for stopping these cybercriminals. In situations where government bodies have not yet experienced the aftermath of these cyberattacks, they should put their resources toward preventing them from happening.

Making progress may require hiring cybersecurity experts, retraining staff members and going through new processes to keep infrastructures more safeguarded and current. Although those changes require adjustments from everyone involved, they could also stave off catastrophes, making them worthwhile.

Then, if government authorities cannot stop hackers from affecting their systems, the ideal approach to take afterward is to assess what failures occurred to let the cybercriminals infiltrate. Only then can they determine how to go about tackling the shortcomings.

Hackers will likely keep targeting government authorities until those attacks become less fruitful or feasible to achieve. That’s why the time is now for government workers to take cybersecurity seriously and treat it as an ongoing concern.
