Cyberattacks against municipal governments are not just something floating out there in the cloud.
The City of Atlanta proved that a couple of weeks ago, when it was victimized by a ransomware attack that tied the city’s digital network in knots for five days, forcing police to write reports by hand, denying residents the ability to pay traffic tickets or water bills online on a city website and shuttering the use of the Wi-Fi system at the world’s busiest airport.
Atlanta’s operation of its 911 system, fortunately, was spared in the cyberattack, as was control of its wastewater treatment system.
Atlanta should serve as a wake-up call to city and county governments across the country — as well as universities, hospitals and others — to beef up personnel training and guard against the email phishing attempts that often provide entry to their computer systems and to ratchet up their cybersecurity defenses.
That includes Racine and other local municipalities and the county of Racine as well.
In the Atlanta case, the computer system shutdown came after a ransom demand was made for $51,000. There has been no word whether Atlanta paid up or resolved the cyberattack on its own.
The relatively small amount of the ransom demand is one of the pernicious things about these cyberattacks, because it can otherwise force the victim organization offline for days or weeks. Hospitals, in particular, sometimes see it as being easier to pay up.
These attacks are not being carried out by some computer geek sitting in his mother’s basement — they’re a business, a big business. According to a New York Times story on the Atlanta hack, city security firms identified the attacker as “Sam Sam hacking crew,” one of dozens of active ransomware groups.
“The Sam Sam group has been one of the more successful ransomware rings, experts said. It is believed to have extorted more than $1 million from some 30 target organizations in 2018 alone,” the Times story said.
In 2016, cybersecurity experts say, criminals made more than $1 billion from ransomware attacks, the report said.
Atlanta is not alone, of course. Even as it was struggling with its cyberattack, another ransomware attack hit Baltimore’s 911 automated dispatch center, forcing it to go to manual operations for 17 hours. Dallas and Charlotte have also been targets.
Atlanta Mayor Keisha Lance Bottoms acknowledged that beefing up the city’s defenses had not been a high priority. Now, she said, “it certainly has gone to the front of the line.”
It’s time to close the cyber barn door in Wisconsin as well. As one information security officer in Arlington, Va., told the Times: “A smart local government will have fire, police and cybersecurity at the same level.”