First it was Atlanta, then Baltimore. In a matter of days, hackers launched cyberattacks in both cities, hobbling the 911 emergency response system in Baltimore and crippling a wide swath of city services in Atlanta, knocking out Wi-Fi at the nation’s busiest airport and forcing city workers to keep records with pen and paper.
No evidence has emerged suggesting the attacks are connected. But in both cases the hackers used ransomware, which encrypts a victim's files and then sends a digital ransom note demanding money to decrypt them.
In Atlanta, hackers demanded $51,000 in the cryptocurrency bitcoin. City officials declined to say whether they made the payments. Baltimore officials didn’t release details on the ransom amount.
The attacks are part of a fast-growing market in computer hacking. In a 2016, the FBI reported major uptick in ransomware attacks, with more than $200 million in payments to hackers in the first three months. That's almost 10 times the amount paid during the same period in 2015. Since the beginning of 2018, the SamSam ransomware -- which was used in the recent Atlanta attack and shut down the Colorado Department of Transportation for several days last month -- has raked in more than $1 million from 30 organizations.
The FBI advises organizations hit by ransomware not to pay. There are no guarantees the hackers will return the hijacked data. And the agency argues that paying off hackers only encourages more attacks, Governing reports.
Government agencies, says Tom Gilbert of cybersecurity firm Blue Ridge Networks need to do a better job of partitioning their networks. Not every piece of data needs to be shared and not every department needs to be open to the internet.
“The absolute critical aspects of an operation really have no business being directly connected to the internet," Gilbert says.