Cybersecurity, Municipalities and Ransomware
Municipalities targeted (still) for ransomware
Municipalities provide many services their residents require. This is especially evident in the winter months to the north. Any disruption to these services has the potential to create havoc for the residents and for critical services. A town in Washington recently experienced how much “fun” remediating the issue can be: the city of Sammamish, located east of Seattle in King County, with approximately 65k residents.
The city was the unfortunate victim of a ransomware attack on January 23, 2019. The ransomware encrypted a portion of the data; however, the network was not affected in its entirety. Had it been, the situation would have been significantly worse.
Although this sounds quite simple, the effects were far-reaching. The systems were shut down and offline, and the personnel were not able to do their work effectively. The city’s operations were reduced to pen and paper. Because their systems were not accessible, the administrators had to shut down services to the residents. They were forced to stop processing passports, pet licenses, permits, and other services. The city also offers map services, which were also placed offline due to the ransomware. Certain shared services, however, were still operating. Because this affected nearly all of the operations, the city had to declare an emergency. Fortunately, the police and other emergency services were still available. As a precaution, the city also canceled its credit cards.
The situation was clearly significant and rather serious. The municipality hired a security consulting firm, LMG Security from Missoula, MT, to review the attack and delve into the details. The firm’s scope covered detecting the affected systems, the extent of the penetration, and what actions would be needed to decrypt the data. During this process, a portion of the staff used mobile hotspots to try to work to a limited extent.
The case is yet another example of what can occur when people are not familiar with cybersecurity. Not everyone has to be a cybersecurity subject matter expert; however, a level of familiarity is definitely beneficial.
The staff should receive training, or further training, in order to minimize the chance of this happening again. The staff needs to understand that, when this happens, it has the potential to be a very expensive mouse-click for the municipality, both financially and operationally.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.