Lake City, a small city in Florida, was very happy staying out of the headlines and providing residents the quiet and simple joys unique to small towns. An unexpected event changed that overnight: Cyber criminals took control of the city’s computers and demanded $462,000 in ransom to free them. Lake City reluctantly agreed to those demands, and payment was made with Bitcoin through the city’s insurance company.
This was the second week in a row a cyberattack was made in Florida. The prior week an attack was made against Riviera Beach, a small city near West Palm Beach. In that incident, Riviera Beach’s city council authorized a ransom payment of $600,000 to regain control of its computers.
These incidents began with a malware (short for malicious software) attack that quickly led to a demand for ransom. Although emergency services were not affected, the attack made emailing impossible and also disrupted some of the city’s services.
A Sign Of The Times
The cyberattacks described above targeted small cities, and while the demands made by the attackers were high they were not as outrageous as they could have been. Still, cyberattacks are a growing problem as hackers are becoming more sophisticated, targeting larger prey and raising their ransom demands.
These days criminals are demanding – and getting – six-figure payments. The Riviera Beach ransom was nearly 12 times the demand Atlanta refused to pay a year ago. By comparison, several years ago cyber crooks were demanding only a few thousand dollars. Within the last year, larger U.S. cities have also been targeted by cyber criminals, including Newark, San Diego, and Los Angeles. Numerous related crimes were perpetrated abroad.
According to the security website cyware.com, cyber criminals “have become highly sophisticated,” and as a result “it’s becoming extremely challenging for any security team to provide foolproof security to organizational networks.”
There are additional consequences to these computer hacks, too. Very often when computer systems are breached, highly personal and sensitive information is stolen. Other ramifications may include a drop in a company’s stock, lower profits, and nearly concluded business deals put on hold or canceled.
Several months ago, criminals seized control of some of Baltimore’s computer systems and demanded $76,000 to release them. That attack froze real estate transactions and shut down websites used to process water bills and other services.
Baltimore refused to comply with the criminals’ demands. However, at least in this case, the honorable choice proved to be an expensive one, as the city is facing at least $18 million in IT costs, lost and delayed revenues, and in repairs.
CNBC reports that in 2017, cybercrime cost the global GDP an amazing $600 billion – and this number certainly has increased since then.
Over Here, Over There
CSIS, the Center for Strategic and International Studies, has compiled a list of cyberattacks on government agencies, defense, and high-tech companies. Clearly these attacks were of a different magnitude than those made on the small cities in Florida. A few that were made on and by foreign entities follow:
*Iran developed a network of websites used to spread false information about the US, Israel, and Saudi Arabia.
*Hackers used a phony email campaign in Lithuania to discredit its defense minister.
*Iranian hackers attacked banks, local government networks, and other public agencies in the UK.
*Pharmaceutical giant Bayer announced that it had thwarted an attack by Chinese hackers targeting sensitive intellectual property.
Ironically, some of the most brazen hacking attacks are allegedly carried out using stolen NSA technology.
Attackers are said to be targeting both companies and cities regularly. An official at one of the major US banks said cyberattacks against it are virtually nonstop. Attacks occur “every day and many are never publicized,” he said. Local governments are especially vulnerable as many of their computer systems are outdated.
Michael Tanenbaum, head of North America Cyber and Professional Liability at insurance giant Chubb, said, “We see an increased frequency against municipalities.”
The FBI advises against paying ransom to hackers, saying there’s no guarantee they will release data and that it could make victims more susceptible to future attacks. But sometimes victims don’t have a choice. In March, for instance, Jackson County, Georgia, paid $400,000 when it realized that a cyberattack had not only taken control of its computers but also compromised its backups.
And that’s not the worst scenario. “What terrifies me is if a successful attack is made against a large target,” says Jeff Kosseff, cyber-security expert at the US Naval Academy.
With the frequency of cybercrimes increasing and with the bad guys becoming more daring and attacks more sophisticated, he’s not the only one terrified by this prospect. This roller coaster shows no signs of ending any time soon.
Sources: cnbc.com; csis.org; cyware.com; wsj.com; zerohedge.com