In a ransomware attack, hackers lock and encrypt a victim’s computer data, then demand a ransom to restore access. In many cases, the victim must pay the cybercriminal within a set amount of time or risk losing access forever. There’s no denying that it’s extortion, but it’s happening more and more frequently to local governments. The reason is that governments are more likely to pay and less likely to have the advanced security of private sector companies with deep pockets.

Attackers know that losing control of your employees’ personal data would be a PR nightmare, and they capitalize on this fact by demanding exorbitant ransoms. Not being able to properly pay your employees because timekeeping data was lost would only exacerbate the issue at hand, so avoiding these attacks should be a top priority.

This year at a glance:

  • March: Jackson County, Georgia paid hackers $400,000 to obtain access to their data.
  • May: Baltimore was hit by an attack and refused to pay ransom. In total, recovery from the attack has cost over $18 million.
  • June: Officials in Lake City, Florida, voted to pay hackers $460,000 to recover data from a ransomware attack. The mayor of Lake City, Stephen Witt, said that he “would’ve never dreamed this could’ve happened, especially in a small town like this.” That sentiment is common in small towns, but they’re frequently the easiest targets.
  • June: One week before the Lake City incident, Riviera Beach, FL paid $600,000 to unlock its computer systems and restore essential data.
  • August: Authorities say ransomware hit 22 towns in Texas at the same time.

Can you refuse to pay?

You can always refuse to pay, but the results could be disastrous if your organization does not have an effective data recovery procedure in place. Baltimore, MD declined to pay a $76,000 ransom and opted to rebuild their systems from scratch. The cost of this decision ultimately totaled $18 million. The city of Atlanta also chose not to pay a ransom, and it cost almost $3 million to get all their systems back up and running. Saying no is something every city or county wishes they could do, but that decision can come with a high price tag. It’s important to remember that even if these cities had paid a ransom, there was still no guarantee that their data would be released.


Mayors Unite Against Attackers

The U.S. Conference of Mayors unanimously adopted a resolution opposing payment to ransomware attack perpetrators. Their reasoning was “paying ransomware attackers encourages continued attacks on other government systems, as perpetrators financially benefit.” “The United States Conference of Mayors has a vested interest in de-incentivizing these attacks to prevent further harm, therefore be it resolved that the United States Conference of Mayors stands united against paying ransoms in the event of an IT security breach.”

Mickey Bresman, CEO of Semperis, a provider of identity-based security, says:

“Having the right type of disaster recovery plan, with a cyber recovery first approach, will allow local government to have better ability to bounce back and not be a helpless victim.”

Steps to Avoid & Mitigate Attacks


The Cloud: Opting to move valuable personnel, time and attendance data to a secure cloud would help governments avoid a complete loss of data. If an attack happens, rebuilding some systems might be necessary, but the personal data of employees would be recoverable. Your employees are the ones who help you recover from an attack, so ensuring that you don’t mishandle their information provides the best possible employee experience. It’s important to note that the cloud isn’t equally effective for all data types. For example, ERP data changes very quickly, which can lessen the effectiveness of versioned backups. One easy way to ensure safety is to look for platform providers who house their data in a secure cloud. For WFM and HCM, Kronos’ Workforce Dimensions secures all your data in the Google cloud in a robust, extensible platform.

Cyberinsurance: This is another way to hedge against the financial implications of an attack, but it doesn’t come without its own risks. FireEye, a leading cybersecurity firm, expects to see hackers starting to specifically target governments with cyberinsurance. Insured governments would be more willing to pay, and perhaps less worried about their security standards.

Employee Training: Following the advice of in-house and external experts is key to being prepared when attackers try to breach a system. Recently, over 90% of phishing emails have been found to include ransomware. Having a learning management system in place to train your employees about email security is a simple step that can help avoid a massive headache.

Ensure that your agency, city, or town chooses vendors who meet the rigorous security standards that are required to help keep your valuable data in the right hands.

Published: Friday, November 1, 2019