Ransomware Goes Local As Governments, Infrastructure, Port Authorities Take a Hit

In the age of cyber warfare, holding up banks and taking hostages are relics of the pre-digital heists of the past. The target for this new generation of criminals is data; holding a company or organization to ransom electronically is becoming the go-to tactic.

After the city of Atlanta found itself at the center of the SamSam ransomware attack this summer, a plethora of other small, local public entities have found themselves in similar situations. In a similar attack to the one Atlanta experience, the Port of San Diego found itself deliberating between paying ransom or having systems at the San Diego Harbor Police Department, for example, completely compromised.

More recently, even smaller local governments have found themselves at the mercy of ransomware. Madison County in Idaho found services ranging from sanitation to the treasury held hostage, while Onslow Water and Sewer Authority in Jacksonville, North Carolina, was hit with the Ryuk ransomware. Although this incident didn’t impact the safety of the water supply, it has resulted in a complete shutdown of computing ability, meaning that employees had to resort to manually setting up accounts and fulfilling service orders.

Many would still advise that any organization impacted by ransomware avoid paying the ransom; but this can seem like a small success compared to the ripple effect of outages throughout cities and critical infrastructure. Reports show the costs of dealing with the aftermath of ransomware attacks can quickly balloon, into the millions for larger cities like Atlanta. For any organization, this is unacceptable, but it is particularly bad for a municipality that will have to spend tax dollars on the cleanup.

As this string of attacks shows, it is only a matter of time before the next attack occurs. Cities or organizations must have a plan in place for when the inevitable happens – they shouldn’t wait to react, and prevention plans are proving to be insufficient. Pre-planning is needed so that when trouble strikes, there are immediate steps that are set into motion to ensure services aren’t disrupted and critical activities can carry on as needed.

According to Gartner, downtime can cost an organization as much as $540,000 per hour. While this number can have a staggering impact on a private organization, when you factor in taxpayer funding that supports local governments, this is even more devastating.

The key for organizations to bounce back immediately and avoid downtime is being protected for disruption, instead of surprised by it. As cliché as it has become at this point: it’s not whether a cyberattack will occur, but when. So how do you ensure you are prepared for the inevitable?

Atlanta, San Diego, Madison County and Jacksonville can be an example to organizations about the need to invest in and create full IT resilience plans, centered around continuous data protection for backup, disaster recovery and cloud mobility to withstand both planned and unplanned disruptions.

Continuous data protection makes everything easier, faster and more holistic. Most important, it meets today’s user needs, and provides real-time protection against the kind of attacks that have impacted critical services in these cities. It moves an organization beyond the limitations of today’s legacy backup, which currently leave major gaps between snapshots, and gives organizations the ability to recover all data from just seconds before it was held for ransom. This can ensure an organization will always be on and protected in the face of today’s cyberattacks.

Protection against lurking malware and cyber hackers also requires data protection tools for backup, disaster recovery, and cloud management. Organizations need to invest in continuous data replication tools with automated recovery to achieve continuous availability. As part of this overall resilience strategy, organizations also need tools that provide workload mobility and multi-cloud agility, to allow data and applications to be moved between on-premises and any cloud for optimized recovery.

By strategically investing in continuous data protection for continuous availability, organizations can reach a point where they are protected against any disruption–planned or unplanned–and are always on, available and protected 100% of the time.

As troubling as these recent attacks on local entities are, they also open the door for other cities to take a close look at their vulnerabilities and leverage different tools and services. If they had implemented the kinds of continuous data protection capabilities discussed here, they could have recovered data flies that are critical to their day-to-day functions within seconds.

Criminals rarely provide warning, but in the current news climate it is hard to ignore their existence. We know attacks are increasing in consistency, and we know they will continue to evolve. However, if cities’ critical infrastructure continues to be a target, steps need to be taken to plan and increase the ability to retrieve the latest data for short- and long-term resilience. This will enable cities to shield themselves from the significant damage and after effects that have become the costliest consequences of ransomware events.

Attacks will continue to occur, but the ultimate goal is no data loss, no downtime, and no interruptions to the business and its customers.