Ransomware Attacks Target Municipalities

Oct 9, 2019

The economic impact of ransomware attacks is expected to reach more than $11 billion in 2019, according to Cybersecurity Ventures. State and local governments are increasingly vulnerable, and North Carolina is not immune to this growing problem.

In March, the entire computer system of Orange County was attacked by a virus. The incident required officials to shutdown several public offices which paused services ranging from issuing marriage licenses to processing library cards. While these attacks may be alarming to everyday citizens, ransomware attackers are not interested in the personal data housed in government files. Their goal is instead to cripple daily activity enough to receive ransom in exchange for a key to unlock the data. Without that key, it is highly improbable anyone could recover encrypted data.

Host Frank Stasio talks with Jason deBruyn, WUNC’s data reporter, who has investigated the cybersecurity attacks in North Carolina and what municipalities are doing to combat future threats. Cybersecurity expert Richard White joins the conversation to highlight the power dynamics at play: companies and government agencies are willing to pay hundreds of thousands of dollars to regain access to their data while attackers face very little risk. He will analyze what is at the root of ransomware and what can be done to curb the trend. White is a professor at the University of Maryland Global Campus and author of “Cybercrime: The Madness Behind the Methods” (CreateSpace Publishing/2018).

INTERVIEW HIGHLIGHTS

deBruyn on why small and mid-size cities are increasingly targeted:

Basically it’s because they’re these soft targets … Perhaps some of these larger cities and big companies have more sophisticated protections in place, but some of these smaller cities like a Holly Springs, Apex or Zebulon … They don’t have huge budgets. They’re not really equipped to withstand a massive attack potentially.

 

This is not unlike a kidnapping - Jason deBruyn

deBruyn on the on-going cost of protecting data:

The thing to note here is that storing massive amounts of data in two different places is not free. Even if you’re not paying the ransom, the cost of storing a backup somewhere else — be it in the cloud with Google, Amazon—  costs money. There is still a very real cost to the protection here. 

deBruyn on the history of attacks: 

In 2016, there was one attack. In 2017 [there was] one attack. 2018 four attacks. And already so far in 2019, there have been nine attacks … They are definitely on the rise.   


 White on the method cyber attackers are using: 

[Ransomware] is a weaponized version of a tool that cybersecurity professionals use to protect the confidentiality of data. The bad actors have now incorporated that into their tradecraft and are forcing us to either go without data, cripple the business or pay the ransom which a lot of times you don’t get the data anyway. 

White on why the attackers are difficult to find: 

With tour routing, it’s a very special type of routing that hides the sender from the destination and visa versa and puts the sender through many layers. And now, the form of payment being requested as the ransom is bitcoin. It's very difficult to track bitcoin once it leaves the ledger and moves into the underground. 

White on how the FBI may have caused an uptick in ransomware attacks:

In 2015 the FBI’s mantra was: We advise you contact us, but we advise you pay the ransom if you want a chance of getting your data back … In the last week, the FBI has waned on the “pay the ransom” [advice]. They are encouraging the commercial market as a whole to stand against ransomware and not pay the ransom. That being said … Once the FBI advised to pay the ransom in 2015, there was a several hundred percent markup in the type of, the virulence of and the frequency of ransomware.