So far in 2019, there have been 22 reported public-sector ransomware attacks on US cities, signaling a rise in frequency since 2018. The attacks are targeted at local US government facilities such as cities, police stations, and schools. Some of these attacks have cost millions of dollars in ransom to get functioning again.
Recorded Future, a cybersecurity firm that has tallied ransomware assaults demanding payment (usually in bitcoin) in exchange for unlock keys. They found that at least 170 county, city, or state government systems have been attacked since 2013.
Baltimore was the latest victim hit last Tuesday with a ransomware infection. “It’s frustrating. It’s unfortunate. But we’re working through it,” Baltimore City Council President Brandon Scott said in a news conference Friday. Baltimore has been forced to provide most of its municipal services manually.
Albany, New York reported a ransomware hit towards the end of March. The attack came on a Saturday when most IT staff are not working and readily available to counter the attack. Though Albany announced the attack as soon as it was discovered, they downplayed the severity of the infiltration, electing to leave out the information that the Albany Police Departments were significantly crippled. Police were forced to go back to paper reporting. Even the staffing schedule was hit.
Experts estimate that ransomware costs billions of dollars a day worldwide, though the cost may be even higher because there is no global tracking system of incidents nor are all incidents are reported. Individuals are less likely to be hit with ransomware due to the low payout to the hackers. They are also less likely than major businesses or government entities to report an attack.
Ransomware attacks are usually carried out by a multitude of individuals, either working alone or in criminal “gangs”. Many claim to be system insiders. Though many ransomware attackers are never identified, international law enforcement agencies have been able to catch a few. In 2017 it took the FBI working with six international law enforcement agencies to arrest three suspects in Romania and two suspects in Hungary. The five individuals were accused of running the CBT-Locker ransomware scam.
Often attacks originate in countries where the US cannot extradite the criminals. Some of the world’s most destructive ransomware worms, WannaCry, NotPtya, and SamSam, have all been created in places the US can’t reach the culprit.