Last month, cybercriminals hacked into critical parts of Baltimore’s computer systems. City officials announced on May 7 that a ransomware attack encrypted important data, including email, voice messaging, the city-wide parking ticket database, and the payment system that citizens use for utilities and taxes.
As of press time, the Maryland city was still struggling to respond. Initially, Mayor Bernard Young said he was refusing the hackers’ ransom demands: more than $100,000 (payable in Bitcoin, a hard-to-trace online currency with wildly fluctuating values) to unlock important IT systems and release encrypted files. Mayor Young admitted that his thoughts might change depending on how long the online thieves held out: “Right now, I say no,” he told local reporters. “In order to move the city forward? I might think about it. But I have not made a decision yet.”
Government officials have yet to reveal how computer systems became infected with what The Baltimore Sun labeled “RobbinHood,” a relatively new strain of ransomware. But most attacks occur thanks to relatively simple security breaches: a user inadvertently clicking an illicit link or downloading an infected attachment; a hacker exploiting holes in the security layers that monitor remote access to computers; even a simple password compromise.
Unsurprisingly, Baltimore isn’t alone. Cities in North Carolina, Massachusetts, and Pennsylvania have recently fallen victim to similar ransomware attacks, and a report by security expert Allan Liska identified nearly 175 cases of state and local governments being hit by ransomware since 2013.
So What Can We Learn from the Baltimore Attack?
In Baltimore, the city budget office estimates the cost of the attack at more than $18 million. The bulk of that money has been spent on restoring systems, beefing up security protocols, and covering delayed or lost revenue—and the total is sure to increase as cleanup and recovery efforts continue.
The Baltimore mayor’s waffling about whether or not he’ll pay the hackers’ ransom reflects a disappointing fact: the city probably didn’t have robust, regular, and remote data backups they could fall back on. In the face of a ransomware attack, the only surefire way to keep your business running smoothly is to access a recently completed data backup on an uninfected machine. Working with a trusted IT provider, you can implement automated backups that store your company’s critical information in a remote location—and offer easy recovery options in case of a data disaster.
In many offices, all computers, servers, printers, and other devices share a hard-wired network. That means if ransomware infects one machine, the problem will immediately spread. But if desktops, laptops, and backup drives aren’t all connected to one another and one of them gets hit, disconnecting from the Internet and shutting down devices can save some data. In Baltimore, city employees took affected systems offline as soon as the ransomware attack occurred (and immediately reported it to cybersecurity professionals), sparing key parts of the city’s IT infrastructure.
Many of the ransomware attacks plaguing city and state governments happen thanks to outdated systems. Hackers can easily scan thousands of online systems looking for specific security vulnerabilities, making basic protections like firewalls and antivirus just the first part of a robust cybersecurity strategy. At CMIT Solutions, we specialize in anti-malware software, Internet traffic analysis, and rapid security incident response to shield your business, your data, and your systems from bad actors.
The advanced security tools listed above are important, but so is your first line of defense: the people who work for you. With the right training, human beings can excel at valuable security tactics: reporting spam emails, identifying threatening links, avoiding illicit online ads, and strengthening passwords. Never underestimate the importance of ongoing education and training to keep employees up to date on the changing cybersecurity landscape.
If ransomware attacks, data hacks, and other security compromises seem never-ending, contact CMIT Solutions today. We’re dedicated to helping our clients survive and thrive in today’s complicated IT world by specializing in proactive monitoring, backup and disaster recovery, business continuity, data encryption, email archiving, and a host of other services.
No solution is 100% effective, but the more layers of security you construct between your important systems and ruthless cybercriminals, the safer you’ll be. At CMIT, we defend your network, secure your data, and empower your staff to be more productive. Contact us today so that we can take care of your IT issues.