Lake City officials say the attack began with a "triple threat" malware attack and was followed up by a ransom demand. After blocking access to city services, emails and other parts of the Lake City cyber infrastructure, local authorities were ultimately left with little recourse and gave in to the hackers.
This is not the first time a local government has fallen by way of hacking -- and unless municipalities begin taking more proactive steps to secure their infrastructure, it won't be the last.
As CS Online reports, cyber attacks have been paralyzing local governments around the country. From California to Florida, it seems no one is safe. On April 10th, the city of Greenville, North Carolina was hit by a RobinHood ransomware attack. Most city-owned computers had to be disconnected from the network.
And on April 13th, Imperial County, California was struck by Ryuk ransomware, which targets enterprise environments. The Ryuk attack caused city computer systems to malfunction and even disrupted their phone lines. On the same day, the city of Stuart, Florida was also attacked with the same ransomware.
Countless cities from every corner of the United States, ranging from Maine to Georgia to California, have been victimized by ransomware and other malicious attacks. In Atlanta, a recent cyber attack ultimately cost the city an estimated $17 million.
Gary Hayslip, former CISO (chief information security officer) for the city of San Diego, California and current CISO for security firm Webroo, says that security issues have long plagued local governments.
"Most of these cities have had issues just like businesses have for years. It's just more of them are being public about it because governments are requiring it now more," Hayslip tells CS Online.
As cities move deeper into IP-based activities to increase efficiency, they become bigger targets for malicious actors. Attackers are growing more and more savvy as time goes on, and local governments simply are not keeping pace with their security efforts.
Chris Kennedy, CISO of cybersecurity firm AttackIQ and former government cybersecurity expert, says that the information held by local governments is extremely attractive to attackers.
"If you think long-range, state and local governments offer a wealth of information about citizen activity. You can imagine how cyber criminals would want to take advantage of that collection of information for identity theft and things like that," Kennedy tells CS Online. As Kennedy contends, city infrastructure contains massive amounts of data; everything from permits to parking tickets run through their system -- and that information can be easily compromised thanks to government incompetence and budget constraints.
Cities and especially small towns are particularly vulnerable to cyber threats because they don't have the same budget for security that a large corporation might have. When you combine budget constraints with corrupt and idiotic politicians, you've got a recipe for disaster.
In addition to funding issues, cities and towns must also cope with a lack of available, talented cybersecurity professionals. This is further compounded by the fact that technology advances at an incredibly rapid pace -- and most local governments do not have the means nor the time to revamp their networks every 18 months.
It's not a secret that most government cyber security is woefully inept, but when it comes to cyber attacks, this incompetence is exceptionally dangerous. The data stored by local government can be even more valuable to attackers than the ransom payments they receive -- and paying off attackers is no guarantee for safety.
Read more about cyber attacks at Glitch.news.
Sources for this article include: