When hackers take down a sales office or small CPA firm, forcing employees to pause while the systems are restored or work from home if that process takes a day or more, it’s an unacceptable intrusion. The problem with cybercriminals is they are rarely satisfied with causing those types of temporary inconveniences. Most want money, and the fear of major operational disruptions, such as having data hijacked and locked down, helps boost their income streams.

Another segment of the cybercriminal community seems content with damaging people’s reputations (like the Ashley Madison hack) or messing with businesses. Some simply get their kicks taking down networks and websites or dabbling with ransomware purchased on the Dark Web.

Perhaps of greater concern is the growing community of cybercriminals supported, if not directly employed, by nation-states. With virtually limitless resources, these groups present a significant threat to millions of organizations and the security of entire nations.

Consider the damage they could do to a regional power plant or a water treatment facility, or other types of public utilities. Those are real concerns for municipalities and the people charged with protecting their networks and data.

The most recent case involves the Onslow Water and Sewer Authority (ONWASA) in Jacksonville, NC, whose internal computer systems, including servers and personal computers, were compromised by a ransomware attack on October 13th. The virus spread quickly along the network, encrypting databases and files, and shutting down email communications. Officials suggested the community’s water supply and the local environment were never in danger and there was no unauthorized access to customer information during or after the attack.

Despite that bit of good news, the authority didn’t make it through the attack unscathed. Their IT team likely spent a considerable amount of time recreating the ransomware-encrypted databases, restoring user access, and implementing additional layers of security. Reactive measures like these are usually quite costly, and the expenses tend to escalate as the organizations work quickly to address potential failure points and get a more comprehensive assessment of the damage.

Common responses to ransomware attacks include adding new security layers to isolate the virus and implementing (or boosting) awareness training to raise employee cyber-consciousness. Those procurements can be challenging for municipalities with few reserves and lengthy budget processes.

Not an Isolated Incident

The ONWASA ransomware attack is just the latest concern for local, state and federal officials. Earlier this year, the city of Atlanta reportedly spent $2.6 million recovering from a similar incident where cybercriminals were demanding about $50,000 worth of bitcoins.

The impact of that ransomware attack was far-reaching. Five of the thirteen local government departments were impacted, and some of the city’s most vital systems were shut down, including those that handle revenue collection, police department records, maintenance requests, and courtroom operations.

While critics suggest Atlanta officials would have been better off paying the ransom to save millions of taxpayers’ dollars, it’s hard to second-guess their approach. The complexity and labor involved in these types of system restorations would be costly regardless of who has the encryption key.

Mecklenburg County, NC experienced a similar ransomware attack in 2017 which affected 48 of the municipality’s 500 servers, leading to a complete system outage. Officials believe cybercriminals from Iran or Ukraine were to blame for this incident, though their demands for two bitcoins (about $25,000 at the time) in exchange for the encryption key were never fulfilled. Like most municipalities, Mecklenburg leaders chose to restore the files using backup data rather than pay the ransom, suggesting both scenarios would take the same amount of time.

Why Pay?

Many businesses and municipalities ignore the demands of cybercriminals. For some, like ONWASA officials, it’s a matter of principle. Any ransom monies paid out would likely be used to perpetuate or even escalate criminal activities. Imagine a politician trying to justify sending taxpayer dollars to potential terrorists or international mobsters.

There’s also no way to ensure that a ransom payment would stop future attacks. Many IT experts suggest it’s better for municipalities and other organizations to spend a little more time and money addressing vulnerabilities after an attack than to pay up. In other words, it’s better to invest in cybersecurity improvements today than to hand over more bitcoins in the future.

How secure are your municipal clients? Their systems often manage critical infrastructure and vital emergency services for your community, and, as shown by the rising number of incidents, it only takes one slip in security to bring them down. MSPs and MSSPs have an opportunity, if not a responsibility, to provide the advice, services, and support municipalities and local agencies need to avoid becoming another statistic.

Do you have the skills, knowledge, and ability to make that happen?

Brian Sherman

Content Director @ IoTSSA and GetChanneled