59.9 F
Washington D.C.
Wednesday, October 5, 2022

Mayors Vow to Not Pay Ransomware Attackers in Move to ‘Deter’ Future Attacks

As government networks are increasingly targeted by high-profile and insidious ransomware campaigns, the U.S. Conference of Mayors vowed at their recent meeting in Honolulu to not fork over ransom payments to hackers.

The resolution, “Opposing Payment To Ransomeware Attack Perpetrators,” passed out of the Criminal and Social Justice committee with no recorded objections:

  • WHEREAS, targeted ransomware attacks on local US government entities are on the rise; and
  • WHEREAS, at least 170 county, city, or state government systems have experienced a ransomware attack since 2013; and
  • WHEREAS, 22 of those attacks have occurred in 2019 alone, including the cities of Baltimore and Albany and the counties of Fisher, Texas and Genesee, Michigan; and
  • WHEREAS, ransomware attacks can cost localities millions of dollars and lead to months of work to repair disrupted technology systems and files; and
  • WHEREAS, paying ransomware attackers encourages continued attacks on other government systems, as perpetrators financially benefit; and
  • WHEREAS, the United States Conference of Mayors has a vested interest in de-incentivizing these attacks to prevent further harm,
  • NOW, THEREFORE, BE IT RESOLVED, that the United States Conference of Mayors stands united against paying ransoms in the event of an IT security breach.

Passage occurred two months after the National Capitol Region Threat Intelligence Consortium Cyber Center warned that a new ransomware campaign dubbed RobbinHood is “actively targeting government networks within the United States” since its discovery in April and “targets entire networks and attempts to encrypt files on as many computers on the infected networks as possible.”

“The distribution method used to infect systems is currently unknown; however, open source reports suggest that the threat actors behind the campaign may be compromising remote desktop services or using Trojans to deliver the ransomware variant,” the alert added.

Soon afterward, security company Armor said it analyzed the RobbinHood ransomware that infected the city of Baltimore’s computers and dug into its file-locking virus that encrypts files. A note demanded 3 Bitcoins, or about $17,600, per system or 13 Bitcoins, about $76,280, to decrypt all of the city’s systems. The hackers said they would cut off negotiations if the FBI was contacted and said files would be damaged if they tried to battle the ransomware with antivirus software. A 10-day deadline was given to get the files back, with four days until the price went up.

Baltimore did not pay the ransom; the resolution passed at the mayors’ meeting was introduced by Baltimore Mayor Jack Young.

Also in May, ransomware infected the city’s phone systems and servers in Washington, Pa. Cities hit by ransomware in April included Amarillo, Texas, Stuart, Fla., and Greenville, N.C., which was also targeted by RobbinHood and was infected in its public safety and financial computer systems.

Garfield County, Utah, paid ransom in April after systems were infected by a phishing email. In March, Jackson County, Ga., paid $400,000 in Bitcoin to hackers to free their systems.

The mayors also passed a resolution supporting the State Cyber Resiliency Act (H.R. 2130/S.1065) and calling on the Trump administration to “provide critical resources necessary to enhance our nation’s critical cybersecurity infrastructure at the local level.”

And they passed a data security resolution stating that “federal government contracting of data storage with any private data center should only contract with entities that use fault-tolerant solutions and follow the standards set by the National Institute of Standards and Technology (NIST), and Federal Acts, FITARA and FDCCI adopted in 2014 that ensure physical protection, redundancy, sustainability, and resiliency of the power supply.”

Bridget Johnson
Bridget Johnson is the Managing Editor for Homeland Security Today. A veteran journalist whose news articles and analyses have run in dozens of news outlets across the globe, Bridget first came to Washington to be online editor and a foreign policy writer at The Hill. Previously she was an editorial board member at the Rocky Mountain News and syndicated nation/world news columnist at the Los Angeles Daily News. Bridget is a terrorism analyst and security consultant with a specialty in online open-source extremist propaganda, incitement, recruitment, and training. She hosts and presents in Homeland Security Today law enforcement training webinars studying a range of counterterrorism topics including conspiracy theory extremism, complex coordinated attacks, critical infrastructure attacks, arson terrorism, drone and venue threats, antisemitism and white supremacists, anti-government extremism, and WMD threats. She is a Senior Risk Analyst for Gate 15 and a private investigator. Bridget is an NPR on-air contributor and has contributed to USA Today, The Wall Street Journal, New York Observer, National Review Online, Politico, New York Daily News, The Jerusalem Post, The Hill, Washington Times, RealClearWorld and more, and has myriad television and radio credits including Al-Jazeera, BBC and SiriusXM.

Related Articles

- Advertisement -

Latest Articles