Cyber breaches are destructive, costly and horrific incidents. Government agencies, hospitals and big retailers are primary targets because of the massive data they hold. They are especially attractive to cyber sleuths because that data is critical to ongoing operations.
Last month, Atlanta was the victim of such a cyberattack. SamSam, a targeted ransomware virus, breached the city’s network and it literally forced the city back into the Dark Ages where people had only paper and pens to do business. There was no access whatsoever to critical electronic records.
Even now – weeks after the attack – many systems are still encrypted. While Atlanta’s story is making headlines, it is not the only entity with cybersecurity framework that is attractive to attackers deploying SamSam. Other targets are local government agencies, hospitals and universities. These are organizations which not only have cyber vulnerabilities, but can also be forced to pay a ransom rather than deal with a network infection or forced downtime.
The Atlanta attack came without warning. The malicious SamSam ransomware began spreading throughout the city’s computer systems without any indication of how it entered the system. It quickly hit at least five of the city’s 13 departments – locking them out of their network completely, and others were forced to shut down and move to paper records to prevent the virus from spreading.
Today, some of Atlanta’s departments are attempting to function without access to 16 years’ worth of records but much of the city is still in significant chaos. The attackers have demanded a $51,000 ransom payment. Officials are unwilling to discuss details, which is understandable. Some employees have been allowed to turn computers back on, but even now, many systems remain unusable.
In January, an audit warned that the city’s IT department lacked some basic security features and there was no adequate plan for dealing with an attack. However, officials say the city was beginning to implement many of the suggested security advancements. Unfortunately, that’s the case in most cities. Very few cities in the U.S. are adequately protected from a cyberattack.
Unlike a data breach in which hackers steal data such as credit card or social security numbers and sell the data on the deep web (the black market of the internet), a ransomware attack performs a digital hostage takeover. It renders the networks unusable. Then, it demands a ransom payment.
Usually the ransom, or fee, is to be paid in a cryptocurrency which cannot be traced. Even that is not something that most public entities are prepared to do. Most ransomware attacks occur when an employee clicks on an email attachment or link, which allows a worm or Trojan horse (the malicious software) to enter the network. In fact, 90 percent of all cyber breaches are due to human error.
In the past year, data breaches and ransomware have become the most prevalent attacks on government organizations, with espionage being the top motive (64 percent) followed by financial gain (20 percent). In 2017, the average time to detect a data breach was 191 days, and the average time to contain a breach was 66 days. Improvements are being made but the cost of a cyberattack, no matter what type, is always extremely expensive.
In 2017, 92 public sector organizations confirmed 239 data breaches. Also in 2017, ransomware attacks moved from the 22nd most common threat to the 5th, with government agencies as the most prominent target.
Almost every governmental entity is now taking significant steps to defend its systems against cyberattacks. And, interestingly enough, the most basic immediate step is to train all employees about what not to do when working on a computer. That advice should transfer to every individual who does anything with a computer. Ransomware viruses are unfortunately becoming common on even the smallest types of businesses.