Sep 18, 2019

How cities can guard against ransomware attacks

Illustration: Aïda Amer/Axios

More than 50 cities have fallen prey to ransomware attacks in 2019 so far, with the average paying $36,295 in ransom. As a result, cities are beginning to explore new cybersecurity options. 

The big picture: As cities move more of their services online and collect more data on their communities and residents, small- to mid-sized municipalities with underfunded IT departments are particularly vulnerable to ransomware attacks and associated costs. 

By the numbers: The International City/County Management Association found that roughly 30% of local governments don't know how often their systems are attacked.

  • Of those that could, an alarming 60% said they were being attacked on a daily — if not hourly — basis. 

What's happening: When a city is attacked, critical services such as tax management and permit approval can be halted as city officials decide whether to pay a ransom or rebuild a system.

  • Paying ransom can quickly restore operations, but nearly 60% of citizens object to such action.
  • Rebuilding a system, meanwhile, is typically more expensive and can take months. 
    • Baltimore chose not to pay a ransom and has instead spent over $5.3 million in restoration costs. City officials have estimated that a complete recovery will cost over $18 million total, including lost revenue.

What's needed: Residents largely do not want municipal funds paid out to hackers, so if cities are going to rebuild, their new systems should have built-in defenses.

  • A cybersecurity policy gaining traction among municipalities is Zero Trust, which operates on the assumption that anything inside or outside of a corporate network including data, devices, systems and users is a security risk.
  • How it works: In a Zero Trust system, administrators use technologies including end-to-end encryption, multifactor authentication, identity access management and analytics to control access.

What to watch: The U.S. government is starting to invest in Zero Trust pilot programs, including a recently announced project with the Defense Information Systems Agency and U.S. Cyber Command. 

Alan Duric is the co-founder and CTO/COO of Wire, a secure collaboration platform.

Go deeper

Updated 39 mins ago - Politics & Policy

Esper catches White House off guard with opposition to military use, photo op

Defense Secretary Mark Esper said at a press briefing Wednesday that he does not currently support invoking the Insurrection Act, an 1807 law that permits the president to use active-duty troops on U.S. soil, in order to quell protests against racial injustice.

Why it matters: President Trump threatened this week to deploy military forces if state and local governments aren't able to squash violent protests. Axios reported on Tuesday that Trump is backing off the idea for now, but that he hasn't ruled it out.

Updates: George Floyd protests continue for 9th day

Demonstrators march on Pennsylvania Avenue on June 3. Photo: Tom Williams/CQ-Roll Call, Inc via Getty Images

Largely peaceful protests over the death of George Floyd and other police-related killings of black people continued Wednesday, marking nine straight days of demonstrations.

The latest: As several major cities moved to lift curfews, NYPD officers "aggressively" dispersed large crowds in Brooklyn and Manhattan beyond New York City's 8 p.m. curfew, per the New York Times. The National Guard was stationed outside many protests Wednesday night, including in Hollywood and Atlanta.

Trump hits back at Mattis: "I gave him a new life"

President Trump speaks at the White House. Photo: Doug Mills - Pool/Getty Images

President Trump unloaded on his former defense secretary via Twitter on Wednesday, hours after James Mattis condemned him for making a "mockery of our Constitution" in his response to mass protests in the wake of George Floyd's killing.

What he's saying: "Probably the only thing Barack Obama & I have in common is that we both had the honor of firing Jim Mattis, the world’s most overrated General. I asked for his letter of resignation, & felt great about it. His nickname was 'Chaos', which I didn’t like, & changed it to 'Mad Dog'"