Ransomware attacks lead to devastating issues for businesses. Loss of customer data and confidential company information comes to mind. But ransomware attacks also damage corporate reputation, which can have long-term consequences. Once customers notice that their personal information has been compromised in an attack, there is a strong possibility that they will take their business elsewhere.
That’s the thing though – customers dust off their hands and look elsewhere to do business. But what if ransomware attacks affected the everyday services their taxpayer money pays for? What if online services offered by local county governments were shut down? The idea is a nightmare, and bad actors in ransomware attacks are making that nightmare a reality.
In fact, more than 3,400 state, local, tribal and territorial governments in the U.S. experienced ransomware attacks between 2017 and 2021, according to data from the Multi-State Information Sharing and Analysis Center.
As for 2022, high-profile attacks against local authorities included a strike on the Los Angeles Unified School District, an attack on Bernalillo County in New Mexico in January, and an attack on Fremont County in Colorado in August.
In the Bernalillo County attack, the computer systems in the government offices as well as the websites of several county departments were taken offline, impacting the 675,000 residents in the county, which includes Albuquerque.
The Fremont County attack affected office computer systems; county employees could not access their business email, and county buildings had to be closed.
More recently, Suffolk County in New York experienced a ransomware attack that affected more than 1.5 million residents. Upon discovery, county workers isolated financial databases and disconnected the network from the internet to prevent the spread of the ransomware attack.
This measure had a ripple effect. Offices that became comfortable with working digitally during the pandemic had to revert to pen and paper. Email was not available. Court proceedings, waste collection and other vital infrastructure services were delivered without internet access. It felt as though time had gone back 30 years.
With the network closed to outside traffic, the hackers did not reach staff to make their demands. The attackers did, however, post on their dark website a sample from four terabytes of data they claim to have stolen from the county. The heist included court and law-enforcement records, and they demanded payment.
Suffolk County still feels the effects two months after the initial attack. The county’s public website has been reduced to a list of agency email addresses and phone numbers. Food stamp distribution is delayed. Parking ticket payments are unavailable online. Residents must physically go to county offices for vital services. Basically, most digital services are still impacted.
Remember, this is a county of more than 1.5 million people. One can only imagine the impact an attack would have on Los Angeles County in California or Dallas County in Texas.
“Too often, these attacks succeed because public schools, municipal governments and other small government agencies don’t have the resources, staffing, tools and expertise necessary to put forth a proper defense,” said Chris Cruz in a WSJ article by James Rundle. Cruz is the former chief information officer for San Joaquin County, California, who now works as the public sector CIO for cybersecurity company Tanium.
First and foremost, to prevent ransomware or any other cyber attacks, organizations must update their technology and security postures. Many municipalities are using outdated technology, which precludes them from performing basic security tasks, such as applying security updates and using multi-factor authentication (MFA). MFA is not a new concept, and the inability to implement what are now fundamental security practices underscores the dangers of not modernizing infrastructure.
Municipalities also need to take an approach similar to the one the Department of Defense took with Palo Alto Networks' Cortex Xpanse. Cortex Xpanse, a global attack surface management platform, enables customers to mitigate attack surface risks, manage the unmanaged cloud and assess supply chain security.
Looking to other providers, such as an MSP that works with trusted security vendors, helps local governments and businesses implement the right protocols to better protect their systems and residents’ PII. It can mean the difference between falling victim to a cyber attack and keeping networks and data safe.
The incident in Suffolk County is just another reminder that local governments are just as prone to ransomware attacks as businesses. It is up to them to act with a strong cybersecurity defense or risk paying a high price.
Edited by Erik Linask