CHICAGO (AP) — Cyberattacks that recently crippled nearly two dozen Texas cities have put other local governments on guard, offering the latest evidence that hackers can halt routine operations by locking up computers and public records and demanding steep ransoms.
Government agencies that fail to keep reliable backups of their data could be forced to choose between paying ransoms or spending even more to rebuild lost systems. Officials are increasingly turning to cybersecurity insurance to help curb the growing threat.
“I think we’re entering an epidemic stage,” said Alan Shark, executive director of the Public Technology Institute, which provides training and other support for local government technology employees. “The bad actors have been emboldened.”
The attacks, which have been happening for years, can set governments back decades. Libraries can’t use electronic checkout systems. Police can’t access electronic records, and utility bills must be paid with paper checks rather than online.
Protection is expensive, particularly for smaller cities whose employees may not be trained on the latest ransomware, which often spreads through emails containing malicious links or attachments. Hackers can also entice users to visit a compromised website and then encrypt files stored on a computer or network until a payment is made.
In Keene, a community of about 6,000 people about 45 miles southwest of Dallas, problems began last Friday when computers used by its roughly 50 employees locked up and prevented any credit card payments, officials said.
Three other cities identified themselves as victims. A spokeswoman for the city of Borger declined to comment on security efforts or costs, and messages for officials in Wilmer and Kaufman were not returned.
The Department of Homeland Security and the FBI are working with the affected cities but declined to release the names of all 22 governments or provide any detail about how the hackers gained access to their systems.
Cities of all sizes have been targeted in recent years, including Atlanta, Baltimore, Newark, New Jersey, and Savannah, Georgia.
After a 2018 malware attack, Savannah officials canceled traffic court for weeks. Everything from 311 call center requests to city permits and licenses were halted or delayed. Information Technology Director Mark Revenew remained reluctant to discuss details more than a year later, including how investigators believe the city’s systems were compromised.
“These guys are like bank robbers,” Revenew said. “They look at what attacks work and then they replicate it.”
Baltimore officials refused a demand for about $76,000 in bitcoin to restore access to the city’s network. Federal prosecutors last year indicted two Iranian men for ransomware attacks on more than 200 victims, including Atlanta and Newark. The attacks netted more than $6 million and cost the affected governments and companies more than $30 million.
According to the FBI, more than 1,400 ransomware attacks were reported last year, and victims reported paying $3.6 million to hackers.
The FBI does not say how many of those reports came from state or local governments, but other research suggests they are a growing target for hackers. Intelligence analyst Allan Liska recorded 62 ransomware attacks yet this year on government entities, already exceeding last year’s total of 54 based on local media reports.
Liska said his review has found government entities are less likely to pay a ransom than private companies or individuals. Attacks on government generate more attention, though, and hackers seem to be seeking infamy along with a payout.
Governments are among a growing number of clients shopping for cybersecurity insurance. Some customers get the coverage as part of a larger package while others buy a stand-alone cyber policy. Insurers reported taking in more than $2 billion in premiums for cyber coverage last year, according to the insurance brokerage firm Aon’s June report.