Library Director Jennifer Ramirez works to get her computer operational with assistance from their technology advisers at the public library in Wilmer, Texas, on Thursday. (AP Photo/Tony Gutierrez)

Library Director Jennifer Ramirez works to get her computer operational with assistance from their technology advisers at the public library in Wilmer, Texas, on Thursday. (AP Photo/Tony Gutierrez)

Cyberattacks on Texas cities put other governments on guard

“These guys are like bank robbers. They look at what attacks work and then they replicate it.”

By Kathleen Foody / Associated Press

CHICAGO — Cyberattacks that recently crippled nearly two dozen Texas cities have put other local governments on guard, offering the latest evidence that hackers can halt routine operations by locking up computers and public records and demanding steep ransoms.

Government agencies that fail to keep reliable backups of their data could be forced to choose between paying ransoms or spending even more to rebuild lost systems. Officials are increasingly turning to cybersecurity insurance to help curb the growing threat.

“I think we’re entering an epidemic stage,” said Alan Shark, executive director of the Public Technology Institute, which provides training and other support for local government technology employees. “The bad actors have been emboldened.”

The attacks, which have been happening for years, can set governments back decades. Libraries can’t use electronic checkout systems. Police can’t access electronic records, and utility bills must be paid with paper checks rather than online.

Protection is expensive, particularly for smaller cities whose employees may not be trained on the latest ransomware, which often spreads through emails containing malicious links or attachments. Hackers can also entice users to visit a compromised website and then encrypt files stored on a computer or network until a payment is made.

In Keene, a community of about 6,000 people about 45 miles southwest of Dallas, problems began Friday when computers used by its roughly 50 employees locked up and prevented any credit card payments, officials said.

Three other cities identified themselves as victims. A spokeswoman for the city of Borger declined to comment on security efforts or costs, and messages for officials in Wilmer and Kaufman were not returned.

The Department of Homeland Security and the FBI are working with the affected cities but declined to release the names of all 22 governments or provide any detail about how the hackers gained access to their systems.

Cities of all sizes have been targeted in recent years, including Atlanta, Baltimore, Newark, New Jersey and Savannah, Georgia.

After a 2018 malware attack, Savannah officials canceled traffic court for weeks. Everything from 311 call center requests to city permits and licenses were halted or delayed. Information Technology Director Mark Revenew remained reluctant to discuss details more than a year later, including how investigators believe the city’s systems were compromised.

“These guys are like bank robbers,” Revenew said. “They look at what attacks work and then they replicate it.”

Baltimore officials refused a demand for about $76,000 in bitcoin to restore access to the city’s network. Federal prosecutors last year indicted two Iranian men for ransomware attacks on more than 200 victims, including Atlanta and Newark. The attacks netted more than $6 million and cost the affected governments and companies more than $30 million.

According to the FBI, more than 1,400 ransomware attacks were reported last year, and victims reported paying $3.6 million to hackers.

The FBI does not say how many of those reports came from state or local governments, but other research suggests they are a growing target for hackers. Intelligence analyst Allan Liska recorded 62 ransomware attacks yet this year on government entities, already exceeding last year’s total of 54 based on local media reports.

Liska said his review has found government entities are less likely to pay a ransom than private companies or individuals. Attacks on government generate more attention, though, and hackers seem to be seeking infamy along with a payout.

Governments are among a growing number of clients shopping for cybersecurity insurance. Some customers get the coverage as part of a larger package while others buy a stand-alone cyber policy. Insurers reported taking in more than $2 billion in premiums for cyber coverage last year, according to the insurance brokerage firm Aon’s June report .

In June, several Florida cities decided to pay hackers hundreds of thousands of dollars for a key to decrypt captive data, but officials told residents that they were only on the hook for a deductible. Most of the cost was to be covered by insurers.

The FBI and most professional cybersecurity associations oppose such payouts because they help attackers continue to target other victims. But some officials desperate to get their systems back see it as a better option than paying millions to recreate thousands of lost government records.

Shark said he’s heard of governments paying as much as $20,000 for cyber insurance but considers that an investment against a system rebuild that could cost millions.

Cybersecurity experts caution that the policies are no replacement for basic cyber “hygiene,” including backing up systems and data, training employees on the risks of clicking unknown links and regularly installing updates to hardware and software.

Insurers typically require cyber clients to complete those steps before issuing a policy and failing to do so risks a denied claim after an attack, said Dan Lohrmann of Security Mentor Inc., a training company.

“Elected officials are getting the message that this is not just a technology issue or a security issue but a government competence issue,” he said.

In the northern suburbs of Chicago, seven communities banded together in 2014 to share the cost of contracting with a cybersecurity firm for added technical support and training. Amy Ahner, the director of administrative services for one of the members, said she advocated for the village of Glenview’s purchase of cyber insurance. She saw it as secondary to security efforts.

“I have insurance on my car,” she said. “But what matters most is how I drive it every day.”

Talk to us

More in Herald Business Journal

Snohomish County manufacturers sew 27,000 masks for nurses

Two Mukilteo businesses, and others around the county, have shifted their focus to fight COVID-19.

Most building sites have shut down, but there are exceptions

The state Senate Republican Caucus has asked Gov. Jay Inslee to lift the ban on residential work.

During this outbreak, let’s be warriors

Amid the coronavirus pandemic, it’s time for a renewed focus on making a difference.

Trump uses wartime act but GM, Ventec are already moving fast

The carmaker is working with the Bothell company to produce up to 10,000 ventilators per month.

Comments welcome on the proposed Lake Stevens Costco

The company’s permit to fill wetlands is under review. Public comment is open until April 12.

Trump stops deal for Bothell’s Ventec to produce ventilators

The project would have had the company producing more than 1,000 ventilators a month.

As Boeing shuts down, an employee’s family is left to grieve

To his family, Elton Washington is much more than a statistic in the growing COVID-19 pandemic.

Paine Field passenger volume plummets; flight changes likely

Despite a 68% drop, the passenger terminal’s owner expects to weather the coronavirus crisis.

Inslee signs the law repealing a Boeing tax break

The move, which the aerospace giant sought, aims to resolve an international trade dispute.

Inslee signs law allowing sharing of sales tax with tribes

It also helps end a legal fight over taxes involving the county, the state and the Tulalip Tribes.

Boeing plants here to close; infected Everett worker dies

To the relief of anxious employees, the company said it will shut down factory operations for two weeks.

Not everything is closed as businesses evolve to stay alive

Places are offering curbside pick-up and online orders and are banding together to draw wary customers.