Over the past few months, several U.S. city systems have been held for ransom by hackers. These include Baltimore, MD; Key Biscayne, Lake City and Riviera Beach, FL as well as Atlanta (in 2018) and Jackson County, GA.

Hackers additionally targeted the Georgia Court System, Georgia Department of Agriculture, Philadelphia Courts First Judicial District in Pennsylvania, and the Cleveland Hopkins International Airport in Ohio. To understand the financial impact of these attacks, consider this:

  • Baltimore was hit up for 13 bitcoins or approximately $105,330[1]in ransom
  • In Lake City, FL, the hackers wanted 42 bitcoins equaling approximately $460,000
  • Riviera Beach, FL was held up for 65 bitcoins or approximately $600,000
  • Atlanta, GA was hit with a ransom request of $51,000
  • In Jackson County, GA, the hackers requested $400,000 in ransom
  • The Georgia Department of Agriculture was asked to pay $48,000
  • The Georgia Court System has not yet disclosed if any ransom has been requested
  • Key Biscayne, FL has not yet disclosed whether a ransom was demanded from the perpetrators.

So, how did cities respond to these attacks and what were the financial implications?

  • Baltimore, MD refused to pay the hackers and have spent more than $18 million to date to remediate the event and improve security
  • Lake City, FL paid the ransom, received an encryption key and restored its systems
  • Riviera Beach, FL also paid the ransom and has recovered its systems
  • Atlanta, GA refused to pay the ransom and costs to recover have exceeded $17 million
  • Jackson County, GA paid the ransom and brought its systems back online
  • Georgia Department of Agriculture refused to pay the ransom, and it cost approximately $253,000 to recover.

According to FBI estimates, there were 1,493 ransomware attacks in 2018, with victims paying out a total of $3.6 million in ransom.[2]The average length of time before a breach is detected is 197 days.  By the time they are discovered, hackers probably know the IT environment better than the IT department.

Don’t wait for a data breach to learn about data security. Download our white paper,Utility Customer Data Security, to see how you can increase security and deliver reliable service.


The official recommendation by the U.S. federal government is to never pay hackers’ ransoms.[3]Meeting and paying ransom demands encourages criminal activity and can lead to more attacks. 

Vertex Business Services can assist in providing a robust information security program that includes a dedicated information security team, current and up-to-date antivirus and malware protection, as well as intrusion detection and prevention. Additionally, Vertex offers a Security Information and Event Management system (SIEM), a 24/7 Security Operations Center with tested incident response plans, and annual assessments of security controls.

Do you have trained and certified staff to monitor and manage information security 24/7? If not, contact us today to learn how our solutions can help protect your business against hackers, fraud and ransom attacks.

 

Is your utility company protected against data breaches whitepaper cta
[1]The Bitcoin has fluctuated against the U.S. Dollar from a low of 6,032.25 on May 8, 2019 to a high of 12,927.40 on June 26, 2019 all ransom amounts are estimates.
[2]FBI 2018 Internet Crime Report
[3]FBI Ransomware Prevention and Response for CISOs https://www.fbi.gov/file-repository/ransomware-prevention-and-response-for-cisos.pdf/view.
While it is not illegal to pay a ransom in most cases the U.S. Federal Government has prohibited financial transactions with certain governments, organizations, and individuals that are on the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) Sanctions List (https://www.treasury.gov/resource-center/sanctions/Pages/default.aspx) this includes paying ransoms.