A special thank you to Maha Amircani for her guest post discussing the reality of cyber vulnerabilities faced by major cities. Maha is an attorney in Atlanta, Georgia and founder of Amircani Law. A Georgia native born to immigrant parents from Egypt, Maha represents clients in city, state and federal court litigation as well as administrative proceedings. Her practice specializes in the areas of personal injury, criminal defense, and real estate closings.
There has been a lot of interest in protecting businesses from the threat of ransomware. But city governments are at real risk, and the impact reverberates to people like me who interact with them daily. After the City of Atlanta ransomware attack in March 2018, this became crystal clear.
The 2018 Atlanta Ransomware Attack: City-Wide Effects
In March 2018, a serious ransomware attack occurred in Atlanta, the ninth largest American city. The "SamSam" ransomware attack demanded approximately $51,000 in bitcoin to restore the city's systems. More than one-third of Atlanta's necessary programs were knocked offline or partially disabled, with 30% of those affected programs considered critical services. Both internal city government systems, as well as external ones that allowed citizens to access the municipal court system or city services such as water, were affected, leaving customers unable to pay bills. "SamSam" is part of a family of malware (there are many other types) that has attacked many municipal governments and healthcare systems since 2015.
Almost three months passed before all of Atlanta's computer systems returned to normal. The Atlanta Municipal Court System was the last city agency to come back online following the March 22 attack. From that date through June 11, when the computer system was fully restored, court clerks had to fill out forms by hand. Individuals trying to resolve traffic tickets faced major challenges, as the court was unable to process their citations, even in person, before their court dates. The situation resulted in a flood of phone calls asking simple questions that no one could resolve.
Additionally, the court's online filing system was down, prohibiting anyone from checking the status of cases. This was of course of great concern to attorneys like me, who have incarcerated or out-on-bond clients whose freedoms hang in the balance. An unknown number of cases were postponed, while 10 years' worth of data was lost, including police dashcam footage.
Beyond the delays, aggravation, and fears this attack caused, it could cost Atlanta an additional $9.5 million to fully resolve it, on top of the $2 million already spent.
Cyber Defense is Critical for City Governments
Cyber defense is especially critical for local governments and entities such as healthcare organizations because hacks affect people's livelihoods. Denial of justice in the court system, breaches of confidential health records, and unauthorized access to financial information are just some of the problems. Ransomware is a growing threat because not only can it attack a governmental system, it can spread through connected mobile devices and home computers, thereby making everyone a target.
The fact that many government entities use legacy, or outdated, systems compounds the problem. Legacy systems continue to be used because many of the bugs or kinks in these systems were resolved long ago, allowing the systems to operate at high efficiency. Federal agencies have begun the process of streamlining their IT practices and putting more into the modernization of their systems instead of maintaining old ones. At the same time, those agencies will also have to consider how they will remain compliant with federal mandates while undergoing IT modernization.
The time has come for those responsible for vulnerable systems to switch from a mode of cybersecurity to cyber defense. Cybersecurity implies the status of being free from danger or threat, while cyber defense indicates a means of resisting an attack. The concept of cyber defense means a constant active resistance to attack. It assumes that an attack is always imminent, thus adequate defense must always be in place and upgraded as necessary.
Cyber defense means coordinating new strategies to thwart attacks and includes patching strategy, leveraging analytics and machine learning, and how our identities are asserted. Implementing a three-pronged approach of educating yourself and your employees, securing a proactive approach to ransomware and viruses, and regularly backing up important files can help mitigate the effects of a cyberattack. It's nearly impossible to prevent all cyberattacks, but by taking these additional steps, you can minimize your vulnerability:
- Personalize your spam settings to block dubious extensions
- Never open suspicious-looking attachments
- Always think twice before clicking
- Keep your operating system, antivirus, Adobe Flash Player and other software updated
- Keep firewalls properly configured and turned on
- Enhance the security of Microsoft Office components
After seeing the effects of such a cyber attack firsthand, I cannot overstate how important it is to take steps to protect yourself and your organization.
For more information on how Fornetix Key Orchestration can bring powerful encryption management and automation to your organization, enterprise, or city, please click here to request a complimentary demo.