By Lee Sutherland

Law student at The George Washington University Law School. Sutherland is part of Dunlap, Bennett & Ludwig’s Summer Internship Program and is interested in national security law and cybersecurity law.

On May 7, 2019, the city of Baltimore’s networks were infected by malware (malicious software that infiltrates computers), and its systems were locked down. A ransom note was displayed on the city’s computers, demanding payment in Bitcoins to decrypt the entire city’s networks. The infected networks were taken offline, but not before the malware locked down systems including a parking fines database and those used to pay water bills, property taxes, and vehicle citations.

This type of malware is known as ransomware, which the Cyber and Infrastructure Security Agency defines as “a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid.” Ransomware is spread through a number of means, but most commonly through either phishing emails that contain attachments or links with malicious code, or visits to malicious websites that have themselves been infected by the malware. Once the ransomware has infected the system, it locks or encrypts the entire system or specifically targeted data and demands that the ransom be paid if the user wants to regain access to the data.

Baltimore did not pay the ransom, and one month later the recovery process is still ongoing: fewer than one-third of city employees are able to log into their networks, and many city businesses have been forced to function on paper-based temporary fixes. In a press conference, the mayor stated that the estimated cost of the cleanup would be $10 million. News reports have stated that an additional $8 million was lost because of deferred or lost revenue while the city’s networks were down.

Ransomware attacks are becoming more and more common. On April 10, 2019, government officials in Greenville, North Carolina discovered that their networks were infected with the same type of malware as that used against Baltimore. The investigation and cleanup there are still ongoing. Last year, the City of Atlanta was hit with a similar attack and had to spend more than $2.6 million to mitigate the infection and restore its data.

How to protect against it?

There are several steps that can be taken to prevent ransomware from infecting computer networks. Simple steps such as ensuring that all software and operating systems are kept up to date, installing patches as soon as they are released, and employing anti-virus software can help protect networks from these types of attacks. Additionally, providing basic cybersecurity training to employees on how to identify phishing emails and on safe Internet browsing practices can help prevent these infections.

Other more technical, but equally important, steps can also be taken. For example, ensuring that critical data and information are routinely backed up, keeping those backups offline, and creating whitelists that allow only approved applications to run on the system will help prevent attacks and protect networks and data in the event that an infection occurs.

Finally, prepare for the possibility of a successful attack. Proactive planning is necessary to minimize both the damage caused by a ransomware attack and the time needed to recover. Just as schools and many office buildings have plans and drills to prepare for a potential fire, businesses and governments should establish plans of what to do, whom to call, and how to continue operations in the event of a ransomware or other cybersecurity incident.
