{"id":13580,"date":"2019-06-28T11:59:13","date_gmt":"2019-06-28T15:59:13","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/encrypted-city-administrations\/13580\/"},"modified":"2019-11-15T15:22:13","modified_gmt":"2019-11-15T11:22:13","slug":"encrypted-city-administrations","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/encrypted-city-administrations\/13580\/","title":{"rendered":"Encrypted cities"},"content":{"rendered":"<p>The number of cyberattacks on US city administrations is on the rise. In less than two months, a third city suffers from the same threat \u2014 ransomware.<\/p>\n<p>Baltimore, Maryland, <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/baltimore-encrypted\/\" rel=\"noopener noreferrer nofollow\">was attacked on May 7<\/a>. The city\u2019s administration decided not to give in to the extortionists and suffered damages of more than $18 million, according to <a target=\"_blank\" href=\"https:\/\/www.engadget.com\/2019\/06\/06\/baltimore-ransomware-18-million-damages\/\" rel=\"noopener noreferrer nofollow\">preliminary estimates<\/a>. A few weeks later, Riviera Beach, Florida, was next. The city\u2019s computers <a target=\"_blank\" href=\"https:\/\/threatpost.com\/ransomware-florida-city-pays-600k-ransom\/145869\/\" rel=\"noopener noreferrer nofollow\">were encrypted<\/a>, and officials decided to pay the extortionists 65 bitcoins, or about $600,000.<\/p>\n<p>A week after that, <a target=\"_blank\" href=\"https:\/\/threatpost.com\/second-florida-city-pays-hackers-500k-post-ransomware-attack\/146018\/\" rel=\"noopener noreferrer nofollow\">another city in the same state was attacked<\/a> \u2014 Lake City. This time, the city administration deliberated even less and ended up paying almost half a million dollars to the extortionists. It is not yet known whether they were able to decrypt their data, but they confirmed that the attackers sent them the decryption key.<\/p>\n<p>This is not the beginning of a new wave of attacks. You don\u2019t have to dig deep to find plenty of other similar, prominent incidents \u2014 in <a target=\"_blank\" href=\"https:\/\/threatpost.com\/ransomware-attack-cripples-several-atlanta-city-systems\/130739\/\" rel=\"noopener noreferrer nofollow\">Atlanta, Georgia<\/a>, <a target=\"_blank\" href=\"https:\/\/threatpost.com\/threatlist-ransomware-trojans-picking-up-steam-in-2019\/145718\/\" rel=\"noopener noreferrer nofollow\">Jackson County, Georgia<\/a>, <a target=\"_blank\" href=\"https:\/\/www.timesunion.com\/news\/article\/Albany-police-can-t-access-scheduling-system-13730578.php\" rel=\"noopener noreferrer nofollow\">Albany, New York<\/a>, and more.<\/p>\n<h2>To pay or not to pay?<\/h2>\n<p>As the Baltimore case shows, it is much more expensive to fight the consequences of an attack than to pay extortionists. Perhaps it was the calculation of the damages from this incident that influenced the decisions of the Riviera Beach and Lake City councils.<\/p>\n<p>Of course, the decision to pay is understandable. When ransomware paralyzes city services, we are talking not only about financial damages, but also about the lives and well-being of local residents. However, every time a city pays, attackers become more convinced that their efforts are not in vain. So, they choose their next victim and keep the trend going. That\u2019s a big part of why the FBI and companies involved in information security do not recommend paying.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kart\">\n<h2>How to avoid getting encrypted<\/h2>\n<p>Almost all ransomware infections follow a similar script: Someone in a city\u2019s administration receives a letter that includes a malware link or attachment and, not recognizing the threat, the employee launches the malware, which exploits long-known vulnerabilities in operating systems or other software to encrypt data. Sometimes (again, through known vulnerabilities), the malware spreads to all computers on the victim\u2019s local network. Therefore, we have three main tips:<\/p>\n<ul>\n<li>Update software right away, prioritizing operating systems.<\/li>\n<li>Employ security solutions that can handle known and yet-undetected ransomware on all computers. Even if you already have a reliable protection, you can use the <a href=\"https:\/\/me-en.kaspersky.com\/blog\/kaspersky-anti-ransomware-tool-for-business\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=me-en_KB_nv0092&amp;utm_content=link&amp;utm_term=me-en_kdaily_organic_1drobvqxak929hs\" target=\"_blank\" rel=\"noopener\">Kaspersky Anti-Ransomware Tool<\/a> as an additional protective layer \u2014 it can work in combination with other companies\u2019 security products.<\/li>\n<li>Teach employees to recognize and defend against the social-engineering techniques malefactors use to get a foothold in corporate networks.<\/li>\n<\/ul>\n<p>Among our other solutions, we offer <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/about\/policy-blog\/general-cybersecurity\/how-to-make-local-public-administrations-in-europe-cyber-resilient\" rel=\"noopener noreferrer nofollow\">Kaspersky Interactive Protection Simulation<\/a>, a solution designed specifically for local public administrations. It was created in the framework of the COMPACT project created by the European Commission, but it is also suitable for training public administrations around the world. You can learn a little more about it <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/about\/policy-blog\/general-cybersecurity\/how-to-make-local-public-administrations-in-europe-cyber-resilient\" rel=\"noopener noreferrer nofollow\">in this article<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lake City, Florida, joins the list of ransomware victims \u2014 and decides to pay.<\/p>\n","protected":false},"author":40,"featured_media":13581,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916],"tags":[2120,2040,433],"class_list":{"0":"post-13580","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"tag-city-administration","10":"tag-extortion","11":"tag-ransomware"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/encrypted-city-administrations\/13580\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/encrypted-city-administrations\/16074\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/encrypted-city-administrations\/17970\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/encrypted-city-administrations\/16106\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/encrypted-city-administrations\/14849\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/encrypted-city-administrations\/18766\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/encrypted-city-administrations\/17543\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/encrypted-city-administrations\/23012\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/encrypted-city-administrations\/27452\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/encrypted-city-administrations\/11916\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/encrypted-city-administrations\/12015\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/encrypted-city-administrations\/10906\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/encrypted-city-administrations\/19614\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/encrypted-city-administrations\/23534\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/encrypted-city-administrations\/22892\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/encrypted-city-administrations\/22834\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/ransomware\/","name":"ransomware"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/13580","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=13580"}],"version-history":[{"count":4,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/13580\/revisions"}],"predecessor-version":[{"id":14402,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/13580\/revisions\/14402"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/13581"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=13580"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=13580"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=13580"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}