The Public Sector and its Fight Against Ransomware

In 2019, more than 11 county, city or state government systems fell victim to ransomware attacks, costing millions of dollars to fix after the damage was done. Now, cities like Youngstown, Ohio, are understanding the severity of the matter and looking at ransomware in a whole new light by investing more than $22,000 annually for $1 million in cybersecurity protection.

Ransomware attacks, in which hackers infiltrate a computer system and hold a user’s information hostage until a ransom is paid, continue to be a growing concern. And now with cryptocurrency gaining popularity, cities, schools, and businesses are all looking for ways to protect their assets and their reputations, including holding Public Sector Insurance to mitigate liability.

Last December, New Orleans went so far as to declare a state of emergency after its security staff detected ransomware and phishing attacks on its networks. This gave the city’s officials more power to shut down any and all computer systems and networks and cut out the possibility of more intrusions. But many are asking if extreme measures like these have to be taken or if there will be other solutions that will prevent a city from shutting down its networks.

Attacks are starting to become more sophisticated and harder to detect. Cities like Pensacola and Riviera Beach in Florida both saw attacks that shut down public services, including government email and emergency services. Ransomware attacks are believed to be distractions from bigger issues at hand, such as more diabolical attacks taking place behind the scenes. For instance, in New Orleans, officials say while the system was hacked, no demand for money was made.

As cities continue to grow more increasingly digitally dependent, connecting everything from stoplights to sewage through a blockchain grid online, they’re becoming fresher targets for hackers. While technology may be helping to streamline processes, it’s also opening the door for hackers to come in and disrupt the system.

Common issues include remote desktop ports being open to a public internet. This would allow anyone to access a city’s network or the opportunity to break through email protections that could be in place to block impostors from sending out emails.

The cost for a ransomware attack could be anywhere from $500,000 to millions of dollars. These payouts are only expected to rise, especially as information becomes more valuable and systems become more interconnected. To combat this, cyber insurance and insurance for public officials are both highly touted to cover the risks and cleanup costs.

For example, in Baltimore, Maryland, for example, the city had to pay out an estimated $18 million after declining to pay a ransom of 13 bitcoin, or $76,000. Even still, more than 225 mayors across the country have signed a resolution to not pay out ransoms to attackers as it’s never a guarantee that the hacker(s) will give back the stolen information or compromised systems if they are paid.

For now, authorities in the field are suggesting that cities use basic preventative measures including regular training for staff and backing up data to combat the risks and costs of attacks. Monitoring a network should be strengthened to have an efficient defense against ransomware attacks and combining it with common sense can help keep risks low.

About PGUI

Professional Governmental Underwriters, Inc., is a full-service risk management company dedicated to assisting public, educational and non-profit entities in the management of their professional liability exposures including educators liability insurance and public sector insurance. We are dedicated to providing state-of-the-art professional underwriting management and loss control advisory services on behalf of our designated carriers. For more information, call us toll-free at (800) 586-6502.