Cybersecurity concerns exist at all levels. Corporations and small businesses remain the most common targets for hackers and cyber thieves, but threats involving nation-states also continue to grab headlines. In fact, slowly but surely, government cyber-attacks at a municipal level are on the rise, where ransomware attacks hold city and county government hostage, forcing them to pay for their vulnerability. Between legacy systems that offer opportunity and a lack of financial resources, municipalities are often sitting ducks—and hackers are increasingly realizing this truth.
Every year, about a 1,000 government entities suffer from some type of cybersecurity breach. Notably, all types of government cyber-attacks have been rising for the last five years. But those involving municipalities are growing at a concerning rate. Since 2019, municipal cyber-events have increased by 60%, with Suffolk County, New York being among the latest. For these towns, such an attack can be devastating. Phishing and ransomware attacks can bring routine city operations to a halt. Naturally, the answer to the solution is better preparation and planning in addition to investigation. But thus far, best efforts at a municipal level often come up short.
“We train for these events, just the way we train for the pandemic. By 4 p.m. that day, we made a decision…We were just going to turn off the Internet to further contain this.” – Lisa Black, Chief Deputy County Executive, Suffolk County, New York
Suffolk County’s Cyber-Debacle
On September 8, 2022, city workers in Suffolk County began their day like any other. Police documented reports using their vehicle laptops. EMS utilized geolocation services to assist with dispatched calls. And thousands were communicating via email. But within minutes, that quickly changed when the county’s antivirus software alerted officials their computer systems were under ransomware attacks. Despite best efforts to contain the threat, officials eventually had little choice but to completely disconnect from the Internet. And now two months later, things are still not completely back to normal after the government cyber-attacks.
As far as government cyber-attacks go, the one at Suffolk may not rank at the top. Regardless, its impacts remain significant. It is estimated that over 470,000 driver’s license numbers were accessed via past parking violations. The hackers responsible for these ransomware attacks claim they escaped with more than four terabytes of data. These figures are highly concerning, but the negative effect on daily operations have been even worse. Just recently, email accounts were restored with many having difficulty accessing past communications. The county comptroller is still writing many paper checks each day. And online services like title searches and ticket payment systems remain mostly offline.
“At the local government level you don’t have the resources or ability to respond to what amounts to nation-state style attack — and it’s unrealistic to expect them to.” – Michael A.L. Balboni, President and Managing Director of RedLand Strategies
Preventing Government Cyber-Attacks
To Suffolk County’s defense, it’s not as if they closed their eyes to the potential threat of government cyber-attacks. In fact, they recently spent $6.5 million in cybersecurity initiatives to deter things like ransomware attacks. In fact, the county conducted system wide simulations in the event that such an occurrence might happen. And when it did, they proceeded through the correct steps before concluding things had to be completely shut down. Unfortunately, these efforts weren’t adequate to prevent their current state of affairs. And it’s a problem many small-to-medium municipalities have. Even state governments in recent years have declared states of emergency related to such attacks.
(Cyberattacks have struck schools–read more in this Bold story.)
In assessing their vulnerabilities in the aftermath, Suffolk County suffers from two problems common to many small governments. First, outdated legacy systems are still in place that are being utilized. These systems naturally pose less resistance to government cyber-attacks than more modern ones. Secondly, and related to the first issue, smaller towns and counties lack financial resources to update such systems or purchase new ones. This combination makes them prime targets for phishing and ransomware attacks. And unfortunately, for some, it’s cheaper to pay the ransom than it is to reinvest in better cybersecurity solutions.
“It was a lesson learned, and a very expensive lesson. And we learned very quickly of the investment that we had to make in cybersecurity all along.” – John M. Kennedy Jr., County Comptroller, Suffolk County
Ransomware Attacks On the Rise
Government cyber-attacks come in a variety of ways. However, ransomware attacks have become the more popular choice in recent years. One of the reasons for this is that ransomware has become more powerful. Compared to 2015, ransomware itself has become 57 times more destructive in its effects. At the same time, ransomware has earned hackers some nice profits. The average payment received for ransomware demands exceeds $570,000. In terms of Suffolk County, they have reported that no such ransom has been paid. But with little to lose, hackers are happy to keep at it until their ransomware payday comes.
The organization supposedly responsible for Suffolk County’s ransomware is called BlackCat. This professional hacking outfit has been responsible for a variety of corporate, institutional and government cyber-attacks. It is alleged to have been responsible for ransomware attacks on a U.S. defense contractor as well as a Florida university. It also was involved in a cybersecurity breach of Italy’s state-run electric utilities. But while the FBI and state authorities are investigating Suffolk County’s recent events, a positive outcome is unlikely. In the vast majority of these cases, hackers get away unscathed.
Municipalities Beware
At the moment, Suffolk County still has a long way to go before things get completely back to normal. The county’s website contains only a list of contacts and names. Online services remain limited. But the bigger issue pertains to the prevention of ransomware attacks in the future. In this regard, the county is planning on boosting their budget substantially to divert government cyber-attacks. But the fact remains that municipalities are highly attractive targets for today’s hackers. This is particularly true for smaller towns and cities with limited resources and capacities. Prevention and preparation remain the best choices to mitigate risks. And professional cybersecurity measures have now become a requirement rather than an option.