Over halfway through December and four major United States cities have been hit with ransomware. Malicious software took over computers and files were encrypted within government services from New Orleans, Louisiana, Pensacola, Florida, St. Lucie, Florida, and Galt, California. Last month, the entire state of Louisiana was attacked within the Office of Motor Vehicle systems, and it shut the operation entirely down for a couple of days. With more ransomware on the rise, it brings the public to wonder, what will the country do to fight off these cyberattacks from hackers?
Pensacola government offices had their email systems, telephones, Pensacola Energy, the online payment system at the sanitation department, and internet servers shut down as they felt a cyberattack on December 7. New Orleans called out a state of emergency after their computers and city servers were infected by ransomware on December 13. Galt, which is a suburb of Sacramento, California, felt their telephone and city email systems go down as everyone in the area was kicked offline on December 16. In St. Lucie, Florida, County Sheriff’s office went down along with their emails, and the fingerprinting and background check systems failed to work.
A group known as MAZE claimed responsibility for hacking into Pensacola’s systems, but there has been no definitive answer as to who was responsible for the others. Ransomware is when hackers typically demand money in exchange for a digital key that will decrypt all infected computers. The hackers demanded a $1 million ransom for those in Pensacola. There was no news on if the city paid the ransom, but they did pay $140,000 to Deloitte, which is a consulting firm to carry out an investigation on the attack.
New Orleans officials did not say if they received a ransom letter, but they stated the city will come back after a costly and slow recovery. Collin Arnold, who is the New Orleans’ homeland security director, said, “One positive about being a city that has been touched by disasters. Our plans and our activities reflect the fact that we can operate without the internet and without a city network.
There is no final price as of yet on the cost of repairing the cyberattack. Emsisoft, a firm that is certified in monitoring ransomware, had cybersecurity experts examine the damage in New Orleans and compared it to another attack that happened in Baltimore, Maryland, in May. The repairs from that attack cost over $18 million.
The numbers which came in recently were staggering. Since January, cyberattacks have become a growing trend within the government. There were 103 state, federal, and municipal agencies attacked, 86 schools and universities, and 759 healthcare providers, all under siege by ransomware.
Emisoft spokesperson Brett Callow put out this report, “Ransomware incidents increased sharply in 2019 due to organizations’ existing security weaknesses and the development of increasingly sophisticated attack mechanisms specifically designed to exploit those weaknesses. Combined, these factors created a near-perfect storm. A lot of these organizations don’t have the money for proper cyber-defense or to update their software, which makes them easy targets and low hanging fruit.”
Emisoft also put out a statement as a warning for all those using government software systems. “This report was originally scheduled to be published on January 1st, 2020. We have, however, decided to release it immediately due to a recent incident in which a ransomware attack may have resulted in a municipal government’s data falling into the hands of cybercriminals. We believe this development elevates the ransomware threat to crisis level and that governments must act immediately to improve their security and mitigate risks. If they do not, it is likely that similar incidents will also result in the extremely sensitive information which governments hold being stolen and leaked. We hope that releasing this report early will help kickstart discussions and enable solutions to be found sooner rather than later. Those solutions are desperately needed. The numbers contained in the report will be updated in the New Year and, unfortunately, will almost certainly be greater than the numbers currently stated.”
Their blog page followed up with this announcement to show how serious the situation is and how the word should spread. “Update- December 14th, 2019: Within 24 hours of this report being published, the city of New Orleans and several other public entities fell victim to ransomware attacks. We repeat the warning made above: the threat level is now extreme, and governments must act immediately to improve their preparedness and mitigate their risks.”