In today’s Washington Post article, ‘Amid a surge in ransomware attacks, cities are taking some of the biggest hits,’ it’s obvious there’s almost nothing that can be done to stop these attacks. All a city can do is hope they aren’t next on the hacker’s list. 

Well, there are things a city can do to protect themselves from a ransomware attack, but it’s expensive to implement and requires additional money to keep up to date. It’s a risky ‘pay me now or pay me later’ scenario that only the Vegas odds makers can come close to forecasting when and if a city should take preventive action. 

The Washington Post writes…

Cities are particularly easy targets for ransomware attackers because their information technology has often been underfunded for years or decades, constantly losing out to seemingly more immediate priorities such as policing, social services and road repairs. Cities also struggle to retain people with top-shelf IT talent who can attract far higher salaries in the private sector.

The cost of not taking action includes a lot more than money. But money is a big factor for cash strapped cities like Chester. Hackers immediately demand money to unlock computer systems which could devastate a city with no money on hand. The article says Atlanta and Baltimore refused to pay ransom of $51k and $76k respectively, but it ended up costing them $17 and $18 million respectively to recover from their attack. 

Recovery costs occur in addition to the price of ransom. Cities with the money to pay cyber experts to unlock their computers still suffer from the monetary impact of systems being down for long periods of time. 

The Washington Post tells of other issues when ransom isn’t paid…

Tulsa was hit with a ransomware attack in June and has mostly recovered. But when it refused to pay the ransom, hackers released about 18,000 city files onto the portion of the Internet known as the “dark web.” The information included personal information such as the names, birth dates and driver’s license numbers of residents, which could make them more vulnerable to identity theft.

This news isn’t new and normally I would not created a blog post sounding like a Chester City governement computer system alarmist, despite the fact that our computers are probably the type that are easy pickings for hackers. I write this piece because of all the municipalities they mention from across the country, they include the hack on our own Delaware County computer system…

Hackers that hit Pensacola, Fla., in late 2019 demanded a $1 million ransom to unlock those systems. Hackers that compromised Delaware County, Pa., in November 2020 demanded $500,000. Pensacola didn’t pay up, but Delaware County did.

Delaware County found half-a-million dollars to pay the hackers. They probably are paying a lot more to secure their systems. Chester City couldn’t afford to do that. Neither could Brookhaven, Eddystone, Marcus Hook, Colwyn, Yeadon, and most other municipalities around here. 

Coming to the rescue is…

The $1 trillion bipartisan infrastructure bill that passed the Senate in August included $1 billion to help states and cities upgrade cybersecurity. That would be by far the biggest cash infusion for municipal cybersecurity in history. It could go a long way toward making cities more resilient against ransomware. The House is scheduled to consider the bill in September.

Will that be enough money to protect every municipality in America? Probably not. All we can do is cross our fingers and hope we’re not a hacker’s next target.

With the help of Delaware County’s computer experts that’s already been through this, I hope steps are being taken to assess all of the municipal computer systems to come up with the best plan to minimize an attack. Hopefully, DELCO municipalities are open to a consolidated computer infrastructure to safely and effectively deliver services. I just can’t imagine every town in DELCO needs to have its own computer systems. Without robust security, these individual systems are a hacker’s dream target.