New research shows that 38 percent of public-sector entities will suffer a ransomware attack this year, up from 31 percent last year and 13 percent in 2016.
A report in The Wall Street Journal revealed that cyberattacks on municipal systems across the U.S. appear to be rising faster than those in the private sector, according to the Ponemon Institute, a Traverse City, MI, research company focused on information security.
“We’re right at the front end of this,” said Marshall Davies, executive director of the Alexandria, VA-based Public Risk Management Association. Hackers are “just now coming after the public entities. They’ve been hitting the businesses for years.”
Those attacks can be costly to local governments as they spend money to recover data, upgrade systems, take out cybersecurity insurance and, in some cases, to pay the hackers if they can’t restore files on their own.
Hackers attacking cities are often cybercriminals who demand ransoms in poorly written English and typically demand to be paid in bitcoin. But the Federal Bureau of Investigation advises against giving in to ransom demands, warning that “some individuals or organizations are never provided with decryption keys after paying a ransom.”
However, compared with private companies, local governments are usually less prepared for an attack — mainly because they can’t afford to attract top-notch cybersecurity talent. Information-security analysts’ salaries average $100,000 a year, and private-sector employers pay more than state and local governments, according to the Bureau of Labor Statistics.
That might be why officials in Leeds, AL, recently decided to pay a ransom demand from hackers who froze the Birmingham suburb’s computer system. Everything from email to personnel records was locked down, and the city of around 12,000 felt it had no choice but to pay in order to restore its systems.
“You just hold your nose and do it,” Mayor David Miller said.