Special Report - ransomware currently holding several cities hostage


You may not be aware of several high-profile ransomware attacks that have recently hit local governments such as Atlanta, Georgia; Cleveland, Ohio; Baltimore, Maryland; and Albany, New York. These attacks have put businesses of all sizes on alert, and security companies such as ours are ramping up with a range of tools to better defend organizations of all sizes in these cyber wars.

For starters, let’s talk about Atlanta, Georgia. You may have seen on the news how, back in March of 2018, cybercriminals rendered several of Atlanta’s key computer systems inaccessible and demanded a ransom of $51,000 in bitcoin to unlock them. Atlanta officials refused to pay the ransom.

However, more than a third of Atlanta’s 424 software programs were taken offline or partially disabled during the attack, and more than 30 percent of the affected applications involved Atlanta’s services, including police and court systems.

Recently, however, a “confidential and privileged” report was leaked to The Atlanta Journal and Channel 2 Action News, and it disclosed that the Atlanta ransomware attack recovery costs may total as much as $17 million. The report cited roughly $6 million in existing contracts and $11 million in potential costs associated with the ransomware attack.

Moving on to Cleveland, Ohio, where this past April Cleveland Hopkins International Airport battled a ransomware attack that knocked out some displays and disabled its email system. They only formally acknowledged the attack six days after city officials soft-pedaled the April 21 hijack as a technical malfunction. The city, which disclosed the attack the next day, didn’t admit it was malware that caused the system problems until Thursday, April 25th. While the hackers engaged the city-owned airport, officials didn’t engage the cyber kidnappers, and according to Airport chief Robert Kennedy, the hackers never made a ransom demand. For now the airport is “safe,” but only time will tell if they can keep the criminals at bay.

Baltimore, Maryland has also had an interesting month. On May 7th the city of Baltimore suffered a ransomware attack that knocked out the majority of the city’s servers and some government applications. Critical Baltimore systems such as 911 and 311 were also affected, as the bad actors were able to get into those systems during a firewall maintenance window back in March. A city spokesperson described the situation as “serious”. Hackers are demanding 13 Bitcoin, or nearly $80,000, to decrypt the files, which the city thus far does not intend to pay. As of now, about 3 weeks later, over 10,000 city government computers are frozen; between 2 to 300 closings have been delayed because the city couldn’t tell title insurers whether the seller had any unpaid liens; Baltimore’s health department can’t access the state network that helps them warn the public when bad batches of street drugs trigger overdoses; and the city’s public-works department can’t generate new water bills for customers, which could mean residents will get unusually high bills once the problem is fixed.

In a press conference, newly appointed Mayor Bernard Young said he didn’t know how long the affected systems would be down, nor did he specify how the malware had entered the city’s network. He said that there is a backup system managed by their IT department, but they can’t just go and restore the backups because they don’t know how far back the virus goes. For the time being, city workers are having to perform tasks manually, so if anyone wants to reach the city, the best way to do so is to pick up the plain, old telephone and give them a call.

The FBI is involved with the investigation, although restoring service is a painstaking process and city officials have conceded that some systems will need to be completely rebuilt. The malware attack and resulting fallout suggest that the Maryland municipality did not have a proper cybersecurity and disaster recovery plan in place.

Now moving on to the city of Albany, New York, which last month suffered a ransomware cyberattack that impacted some Albany police department systems, including scheduling and email applications that are accessed over the Internet. The attack also apparently impacted computers in patrol cars. It’s important to note that Albany is the capital of New York. Roughly 100,000 people reside in the city, and more than 1 million people are in the immediate area. The mayor did not disclose the specific strain of ransomware, whether Albany lost any data, or whether the city paid any ransom to the attackers. They’re keeping this incident a bit on the down low for now.

These attacks, however, are just the tip of the iceberg. For example, in April, Augusta, Maine suffered a highly targeted malware attack that froze the city’s entire network and forced the city center to close. Also in April, hackers stole roughly $498,000 from the employee payroll system of the city of Tallahassee, Florida. And just a few weeks before that, in March, Jackson County, Georgia officials paid cybercriminals $400,000 after a cyberattack shut down the county’s computer systems.

The Take Away

If anything, it seems that these events are escalating, with cities and counties becoming the focus of highly targeted attacks that affect us all.

Although ransomware certainly remains a global problem, proactive organizations can leverage a mix of cybersecurity safeguards and best practices to mitigate the risks associated with such malware.

For instance:

  • Patch management software can close known vulnerabilities that ransomware often exploits — essentially locking down digital doors and windows that malware often targets.
  • Several modern, next-generation endpoint protection software platforms detect and block most versions of ransomware.
  • Backup and recovery software, coupled with a business continuity plan, can rapidly restore data in the event of an attack.
  • Third-party managed security companies, such as what we do here at SOS, can proactively monitor, manage and mitigate these threats.

If you have any questions about ransomware or need to better safeguard your organization, we can help. Stay safe out there.