Ransomware attacks demonstrate brittle cybersecurity infrastructure across United States
Ransomware really is a stage hog as it once again demands headline attention for doing what it does: causing chaos. In the past, myself and other professional outlets frequently cover the impending problems caused by ransomware. Usually, articles get into the fallout after a ransomware attack, with said attack hitting business networks. Other times ransomware makes headlines because it hits healthcare systems or even school networks.
But ransomware has also plagued cities in the United States for years, and the post-attack environment highlights how brittle city cyber infrastructure is.
The detailed problems of a city-focused ransomware attack
Stories about city-related ransomware attacks populate cybersecurity news from all over. From Atlanta to New Bedford, hackers compromised systems and shut down basic infrastructure for a short period. And given it’s a city, which cannot afford to lose basic operations, most are forced into paying a ransom. And the long-term impacts of it are devastating, not just from a financial perspective.
In Tennessee, the city of Collierville is one such example of extended consequences. The city suffered a ransomware strike in 2019, where it took them an entire year to rebuild services “back to standards.” It’s a city of roughly 50,000 people, all of which saw basic services disrupted for several days. But the recovery period was both costly and time-consuming with an estimated $100,000 in damages. What it also revealed was how unprepared many cites in the US were for ransomware attacks.
Service interruptions can be harrowing too. Anything from the loss of government website access to disrupting emergency communications is possible in a ransomware environment.
In the case of Collierville, the recovery cost was small in comparison to others, which easily breach the $1 million mark depending on the size/scope. In those cases, it’s because cities are forced to recover with their own resources, in cases pay the ransom. Though it’s discouraged, cities have little choice to pay said ransom, or otherwise deal with collapse in basic infrastructure.
City attacks create the most long-term damage
Public attention typically sees critical attacks take center stage. In December 2020, the SolarWinds fiasco brought ransomware to the forefront of mainstream discussion. Others, like the Colonial Pipeline attack, also put threat actors in proximity to infrastructure. And while attacks like the ones mentioned are indeed problematic, cities often suffer more in the long run.
There are a variety of reasons for the damage. For instance, IT professionals, experts, and cybersecurity staff are in short supply. Not just in the United States, but abroad as well. With this shortage comes a “brain drain,” and it impacts cities of virtually any size. Cities that lack on-hand experts cannot fight against cybersecurity threats as effectively. Or, when an attack is mitigated, recovering from the damage is a lengthy process, adding to total recovery costs.
There’s also the matter of money. The fact is, not all cities and businesses have the financial capital to pay for the ransom, or, have enough to help recovery. Financial resources such as the ones mentioned are reserved for social services or traditional infrastructure. And, considering that cyber threats are “new” for various places, the need to invest in cybersecurity hasn’t seemed necessary. But now, with the rush of remote working and explosion of attack surfaces, there’s many ways a city can feel the impacts of a cyber attack.
Underfunded cities regarding IT has been a trend going for years, if not decades. Unfortunately, the explosion of threat attacks has rocketed, and current defense infrastructure just isn’t there.
On the other side, despite the complexity of the strikes and their respective targets, ransomware attacks are surprisingly easy to launch.
The pandemic creates an entangled problem
COVID-19 also ballooned the issue. It created a plethora of new attack surfaces. Additionally, hackers and threat actors jumped on the opportunity to launch a variety of cyber assaults. The pandemic provided a perfect foundation for cyber strikes, were already overwhelmed networks/infrastructure were hit with ransomware.
This, unfortunately, left cities with weaker defense infrastructure. Even though organizations and businesses could recover post-malware attack, it’s cities often left recovering the longest.
In the continued fight for cybersecurity improvement, we have to look at all dimensions of good defense. Cities will need assistance, along with renovating their strategy to better defend against complex attack operations.