When a cybersecurity story pops up on the news to report a ransomware attack has knocked a city offline, you often hear from bewildered city officials. No one saw it coming. It’s hard not to empathize with the city employee on the screen. Ransomware and other forms of malware are devastating on a technical and personal level.
But it’s also fair to ask, “Why are they so surprised?”
The warning signs have been building for years. Just consider the chaos ransomware operators have unleashed on 911 call centers over the last decade.
2014: Cybersecurity Professionals Sound the Alarm for Cities and 911 Call Centers
Attacks on 911 call centers are nothing new –
In 2014, Wired magazine tried to understand the vulnerabilities of the system and interviewed two medical doctors and a security expert – all of whom are also white-hat hackers.
The article stated this trio was “…concerned about the security of the address databases, populated by subscriber information from telecoms, that first responders rely on to locate victims. If a hacker could obtain access to the databases, they could alter or delete critical information that could prevent help from arriving on time.”
Ransomware operators don’t need sophisticated tools to knock 911 centers offline.
Wired also identified “swatting” as another threat to 911 and emergency operation centers. This involves phoning emergency organizations like 911 and using a spoofed phone number or caller ID to make fake reports of a home invasion or hostage threat, sending police to the address of an enemy or other targets.
Wired reported that a 12-year-old boy was able to convince SWAT teams to check out the homes of Ashton Kutcher and Justin Bieber with such methods. A serial swatter in Los Angeles even got police to lock down an elementary school while officers went in search of a gunman who didn’t exist.
2016: Systems Remained Vulnerable to Phones and Simple Forms of Malware
In 2016, Fast Company conducted their analysis of the vulnerabilities of the 911 call center shortly after Arizona was hit by a denial-of-service attack in October of that year. Distributed denial-of-service (DDoS) attacks occur when a hacker floods websites with traffic from hijacked computers. Smartphones can also be hijacked and the attacker can direct them to inundate a particular site or phone number with traffic, effectively taking it offline.
DDoS attacks are a dangerous, effective form of malware
Your 911 operators won’t hear from people making emergency calls during a DDoS attack. The hacker-generated traffic ties up all available lines. Your city will be cut off from the people you serve.
You can stop ransomware infections
Defense systems can be set up to mitigate the risk and effectiveness of DDoS attacks. You will want to think strategically about how to approach it, because you set up rules to block a number.
For instance, you could prevent traffic from a number that calls 15 times in 5 minutes, or 20 times in 10 minutes. Talk it through with an cybersecurity services expert to analyze your situation and determine what’s appropriate.
Security patches are a critical, cost-effective tool in your arsenal
Security patches are updates pushed out by companies like Microsoft when they discover a flaw or weakness in their software. The patch closes a hole that cybercriminals will exploit to sneak into your network. The updates are free. Make it a policy to only run up-to-date systems.
2018: Hackers Demand Ransomware Payments From Cities
The 911 call centers have become a symbol of rescue and hope. But since 2014, that very symbol of safety has come under attack in such cities such as Baltimore, Atlanta and Seattle. Ransomware and denial-of-service attacks target 911 centers, forcing some cities to “write down” emergency calls – pushing the system back 50 years or so.
In 2018, NBC News reported there had been 184 attacks on 911 call centers and other local government and safety agencies between 2016 and 2018. In Atlanta, for instance, officials had to work out how a 10-day ransomware attack on municipal computer systems hit at least 5 of 13 departments, knocking out some city services and forcing others to revert to paper records, according to Gizmodo.
In Atlanta, the ransom amount was $51,000 and hackers had encrypted large portions of the city’s computer system.
The FBI discourages victims of ransomware from paying the ransom
The FBI and other agencies assisted Atlanta. They also have a message for any organization dealing with ransomware infections or other forms of malware where hackers demand money: Don’t pay. Authorities feel paying the ransom will encourage others to launch similar attacks, and paying the ransom does not guarantee your files will be unlocked.
Diamond IT’s Cybersecurity Expertise Helps City Recover From Ransomware
2020 and 2021: Ransomware Infections Knocked Cities Offline
2 forces converged and had a devastating effect on cities in 2020 and 2021 – the global pandemic and the evolution of the professional hacker.
Modern criminals aren’t pranking celebrities
Professional hackers do their homework. They know which entities, like cities, have underinvested in cybersecurity. They take this easy target and unleash sophisticated attacks. This could leverage a real-world event – like phishing emails that capitalize on COVID-19 fears. A city employee clicks a link. The virus starts spreading. Suddenly, your files are encrypted and city services shut down.
Unfortunately, many cities are using old, slow systems
The employees are used to technology not working. As a result, they miss telltale signs that they’ve been hacked. This is what happened at California City. The assumption that systems simply weren’t working again meant a delayed response that allowed ransomware to infect their entire network.
Is Your City Stuck in 2014?
You might have brushed off news about prank cybercrime calls as “not a big deal.” You can’t take the same attitude with today’s professional hacker class.
You owe it to your constituents to ensure their data is properly protected. Ransomware and other cyberthreats are very real and happening with rapidly increasing frequency all over the globe. Before you invest in new cybersecurity protections, understand your specific vulnerabilities. A cybersecurity assessment will list your weaknesses, tell you what you should invest in, decrease budgetary waste and increase safety – both online and for your constituents and first responders.