Keizer hack part of a growing trend of data hostage-taking

When the City of Keizer was hacked last week by an unknown individual or group, it became the latest victim of such attacks nationwide.

By August of 2019, according to a New York Times report, at least 40 cities had their data held hostage by hackers in the first eight months of the year. At one point, 22 cities in Texas alone had been crippled by hacks that involve infecting servers with malware that puts all the data behind an encrypted wall. The hackers then request ransom to release the data back to the cities.

In some cases the ransom cost was nearly $500,000 in taxpayer money. In January of this year, Tillamook County paid $300,000 to regain access to its data. As companies and towns showed more willingness to pay the ransoms demanded, the attacks ramped up, according to the Times report.

Hacking attacks on cities and companies are now so commonplace that insurance companies have begun offering cyberinsurance that covers some of the ransom costs incurred by the victims. One expert told the New York Times that such packages could increase the targeting of entities with cyberinsurance since those purchases become part of the public record.

In the wake of such attacks, every device – from tablets issued to city councilors to the laptops installed in police vehicles – must be examined for existing vulnerabilities and hardened against future attacks.

The strain of ransomware that was used in many of the most recent attacks is named Sodinokibi (see related article.)

However, the ransom demanded by hackers from a city are only a portion of the costs they incur. In addition to the ransom, Keizer had to contract with a cybersecurity firm to negotiate with the hackers and now it will have to spend even more on security in the future data back-ups and, likely, additional consultants to oversee bringing the system back online.

When the City of Atlanta was held hostage in 2018, the attackers requested $51,000 in Bitcoin – a cryptocurrency – but bringing the city back online was estimated at an additional $17 million. Whatever costs Keizer is forced to absorb as a result of the attack is likely to result in cost cutting in other places. The largest portion of Keizer’s budget goes toward police personnel.

Those behind the attacks are only rarely prosecuted because of the untraceable mechanisms used to make ransom payments.

In a report published by the World Economic Forum, cities of all sizes are urged to prepare for future digital strikes in the same way they would for an earthquake.

“Digital security is not only about hardware and software. It is about adopting a comprehensive whole-of-city approach. Security must be conceived as an essential priority, something that is designed into every element of the urban infrastructure, not merely introduced as an afterthought. It requires developing the rules, regulations, procedures and budgets for city authorities, businesses and residents to prepare and respond to digital threats when and after they inevitably occur,” the report states.

The report cites human error and a failure to implement best practices as the leading causes of such attacks succeeding.

Many attacks could be prevented with relatively simple actions such as “software patching, correct firewall configuration, frequent and redundant backups, and use of multi-factor authentication for logons,” the report concludes.