Assisting Local Governments in Responding to Ransomware Attacks

Ransomware attacks continue to target cities and other state and local government entities all over the United States. These attacks have been hitting municipalities as large as Baltimore and Atlanta; but they have also affected small cities like Borger, Texas (Broadwater, 2019; Allyn, 2019). These attacks are interrupting crucial services that citizens depend on, including trash collection, water treatment, policing, and firefighting and emergency responses.  Currently, cities have little recourse in responding to ransomware attacks, resulting in huge monetary demands, and little knowledge about how to solve the persisting issues. It is imperative that federal guidelines and assistance be provided, in order to protect state and local government computer networks, to ensure the security of Americans’ personal information and to provide for resilient, reliable delivery of crucial public services. Especially under current pandemic conditions, in which Internet dependence is substantially heightened, this must be made a top legislative priority.

How Are They Attacking?

Attackers are paralyzing cities’ networks by establishing malware within the computers of city employees. This is done by manipulating users into installing software that will encrypt the hard drive, leaving the user unable to access their files (Jaikaran, 2018).

As a result, citizens are unable to pay bills online, get building permits, or take care of various tickets (Hutcherson, 2018). Furthermore, cities may experience disruption of vital communications such as sewer infrastructure or traffic signals. Lastly, many local police departments must resort back to a paper filing system, causing delays in police response (Hutcherson, 2018).

Attackers typically promise a full release of these systems if the cities agree to pay the demanded ransom.  Ransom demands have ranged anywhere from $150,000 to $2 million, usually payable through the online currency Bitcoin (Allyn, 2019). However, just like any ransom, there is no way of knowing if the attackers will truly comply once receiving their demands. This leaves cities at a crossroads in deciding how to handle an attack on their infrastructure. 

How Do We Respond?

Because of the complexity of the situation, it is no surprise that cities are responding differently to these attacks. In the March of 2018 attack on Atlanta, government officials struggled with the dilemma of paying the $50,000 ransom or not (Hutcherson, 2018). Choosing not to, Atlanta spent over $2.6 million on an investigation that included teams from local law enforcement to US homeland security (Hutcherson, 2018). Conversely, when Lake City, Florida was attacked they agreed to pay hackers $460,000 in bitcoin to recover their computer systems, $10,000 of which was to be paid by citizens (Ng, 2019).

These attacks are not restricted to cities with larger populations. Cities such as Keene, Texas that have smaller scale government services are also being victimized by such attacks (Allyn, 2019). Due to their lack of resources they do not have the ability to combat the attack. This suggests the need for federal aid to all cities attacked through ransomware, in line with the recent recommendations of the Cyberspace Solarium Commission. 

Federal aid can take many forms. First and foremost, there must be consistent guidelines for cities to follow in the event of an attack. Such a guideline collectively composed by the FBI, Homeland Security and the federal government should offer cities different options according to the circumstances of their specific attack. This would help reduce time wasted in deliberation over how to respond, and therefore streamline the recovery process. Furthermore, cities should ensure that they implement updates for their computer systems whenever they are made available, and that they provide information to all city workers on the dangers of opening links and attachments.  Should cities choose to follow the prescribed guidelines, federal monetary aid should be made available to them through existing disaster relief programs administered by the Federal Emergency Management Agency (FEMA).  Alternately, if the Cyberspace Solarium Commission’s recommendations are approved, this assistance function could be overseen by the Critical Infrastructure Security Agency (CISA), which is also part of the Department of Homeland Security.  

Currently, little exists in terms of legislation regarding ransomware attacks at the federal level. However, S.315, the DHS Cyber Hunt and Incident Response Teams Act of 2019, was recently introduced and placed on the Legislative Calendar in April of 2019 (S. 315, 2019).  This act would aid federal and nonfederal entities compromised by cyberattacks with technical assistance, along with strategies to prevent, deter and protect against future attacks (S. 315, 2019). While this bill took a step in the right direction, it provided no monetary assistance for victims of such attacks and was fairly vague in its aims. For these reasons, it is imperative further legislation is introduced encompassing federal monetary aid and specified guidelines for cities to follow, in line with the Cyberspace Solarium Commission’s March 2020 report.  Protecting state and local governments is essential given their importance in delivering crucial public services, and given that they hold large amounts of sensitive personal information about individuals.  Implementing the recommendations of the Cyberspace Solarium Commission for state and local government cybersecurity assistance should be a top legislative priority.

References

Allyn, B. (2019, August 20). 22 Texas Towns Hit With Ransomware Attack In 'New Front' Of Cyberassault. Retrieved from https://www.npr.org/2019/08/20/752695554/23-texas-towns-hit-with-ransomware-attack-in-new-front-of-cyberassault.

Broadwater, L. (2019, August 28). Baltimore transfers $6 million to pay for ransomware attack; city considers insurance against hacks. Retrieved from https://www.baltimoresun.com/politics/bs-md-ci-ransomware-expenses-20190828-njgznd7dsfaxbbaglnvnbkgjhe-story.html.

DHS Cyber Hunt and Incident Response Teams Act of 2019, S. 315, 116^th Cong., 1^st Sess. (2019). Retrieved from https://www.congress.gov/bill/116th-congress/senate-bill/315/text

Hutcherson, K. (2018, March 28). Six days after a ransomware cyberattack, Atlanta officials are filling out forms by hand. Retrieved from https://www.cnn.com/2018/03/27/us/atlanta-ransomware-computers/index.html.

Ng, A. (2019, June 26). Another Florida city pays hackers over ransomware attack. Retrieved from https://www.cnet.com/news/another-florida-city-pays-hackers-over-ransomware-attack/.