On June 23, the village of Key Biscayne became the third Florida city within a month to be hit by a cyber attack. Earlier in the month, Riviera Beach and Lake City, Florida, were both hit. In all three cases, a city employee clicked on an attachment in an email that unleashed malware into the city’s network and encrypted its data. Riviera Beach paid a ransom of $600,000 and Lake City paid $460,000 to recover their files.

After detecting the attack, Key Biscayne took its systems offline and launched an investigation into the incident. After three days, the village had all its systems back online. The Village of Key Biscayne is home to 3,000 individuals.

A Triple Threat

Both Key Biscayne and Lake City were victims of a form of ransomware called Ryuk. It’s targeted ransomware that originally came from North Korea. Ryuk is deployed in an enterprise days, weeks, or as much as a year after the enterprise was initially infected by a separate form of malware, a powerful trojan known as Trickbot. The trojan Emotet is used as a “dropper” to install Trickbot. Because the infection proceeds in these three stages (Emotet, then Trickbot, then Ryuk), it is known as a “Triple Threat” attack.

What Should Governments Be Doing?

Take Proactive Measures

As Nick Allo, Director of IT Services from SemTech IT Solutions in Longwood, Florida, tells us: 

“It is a shame when any organization gets a ransomware attack. Even more so when a city/town is crippled from such an attack. There are Security Focused providers out there with the knowledge and tools to prevent and protect against these threats. These tools can fight back with proper Backup and Device protection. I can stress that most of these attacks can be prevented and we can even figure out where the threat came from to ensure it never happens again.”

Educate Users

A best practice is to educate users so they don’t click on malicious links in the first place.

“Ransomware is really turning into an epidemic for municipalities. We have to keep spreading the word about the importance of end-user training and striving to create a human firewall,” says Michael Goldstein, President of LAN Infotech, in Fort Lauderdale, Florida. “Backup, backup, backup. What more can I add?”

Backup, Backup, Backup

Another best practice is to always have a backup system and a recovery plan in place. 

Tom Bowles, Founder of Alltek Services in Lakeland, Florida, explains:

“It always baffles me that this happens and they’re not able to recover from their backup system. If their backup system is set up properly, they should be able to recover, worst case, from the previous end of the day. It appears that local governments are being targeted for the potential for bigger paying ransoms. It also points out that sometimes, when you have an internal IT department that doesn’t have a good relationship with an IT Managed Service Provider (MSP), they get tunnel vision. They don’t get the opportunity to see what best practices other folks are doing to protect their data. Unfortunately, it might be we’re at the point where it isn’t if you get hit, but when. We’ve added two customers this year because of them being compromised and actually just turned another one down because I didn’t feel they were a long-term fit. The hackers are out there finding a better method and/or gadget to penetrate these networks. As an MSP, we’re constantly trying to make sure our methods of protection, training, and recovery stay one step ahead of them. Our best practices are constantly being updated.”

Increase Cybersecurity Spending

According to an article in CPO Magazine, when asked directly about cybersecurity spending, “a staggering 71% of Americans said that state and local governments should spend more money before the next big attack occurs. Moreover, a clear majority (74%) also said that politicians need to take the protection of personal data more seriously. For state and local governments, the message should be clear: They need to be doing more to protect communities from the very real risk of a cyber attack. In most cases, that means boosting their cybersecurity spending.”
