Ransomware is a growing threat in cities: How are they defending themselves?
This article is also available here in Spanish.

Ransomware is a growing threat in cities: How are they defending themselves?

My list

Author | Raquel C. Pico

In the list of cybersecurity threats, ransomware has emerged as one of the most rapidly expanding in recent years. New statistics indicate an annual increase of 42% in ransomware cases, elevating it to one of the foremost concerns for urban IT managers.

In order to gain a complete understanding of what constitutes a ransomware attack, we need to first understand two key issues. One crucial aspect is the paramount significance of data, which has solidified its position as the cornerstone upon which an increasing number of everyday elements rely. Another is the impact of losing control over this information, which can result in legal, economic, and reputational repercussions.

Cybercriminals utilize malware as their primary tool, exploiting security breaches, sometimes as simple as human errors, to gain control over systems. Subsequently, they issue threats to either delete the information or make it public if a ransom payment is not made. During this process, the systems remain effectively blocked, rendering everything dependent on them inoperative. Consequently, for cities, it comparable to having the lights abruptly switched off, forcing people to operate in darkness,

Cities that have fallen victim to ransomware

Cities are not the only victims of ransomware. The spectrum of potential targets that cybercriminals have in mind ranges from private companies, including SMEs and major corporations, as well as highly sensitive entities like hospitals. The cyberattack on the Hospital Clínic in Barcelona in 2023 is a recent example.

Nonetheless, as highlighted in an analysis published by the World Economic Forum, cities present a particularly easy target for cybercriminals due to operational vulnerabilities. Cities often lag behind private companies in terms of the digital transition, which increases the likelihood of their systems being outdated in an environment where an increasing number of elements are being digitized.

Hence this issue is impacting towns and cities of all sizes worldwide. The most notable cases have occurred in medium to large cities, as the urban scale entails a larger number of potential victims and greater potential effects. In light of this situation, cybercriminals exert greater pressure on their victims.

An attack in Dallas rendered numerous municipal departments inoperative, forcing authorities to manage emergencies using analog methods. The same occurred in Oakland, where residents’ and municipal personnel’s data ended up being published on the dark web. A few years ago, ransomware incidents caused electricity supply interruptions in Johannesburg and disrupted Dublin’s tram system.

How to ensure protection against ransomware

Despite the potential risks posed by these attacks, cities cannot afford to shun digitalization as a means to avoid them. A robust ransomware defense and a comprehensive digital strategy are essential for preventing such issues.

Just as cities develop physical security strategies, they must also prioritize the development of digital security measures. Cities must implement cyber-resilience strategies, establish specialized teams, and provide comprehensive education to personnel to mitigate human error, and understand and adapt to the evolving challenges of the 21st century in the municipal landscape. Today’s urbanism is already digital.

This is why it is often said that smart cities are better prepared to manage these situations compared to non-smart cities, since their IT tools and their systems are consistently monitoring and functioning. Cities are typically not showcased as success stories when it comes to detailing their efforts to combat potential cyberattacks. However, the inherent nature of smart cities is what gives them strength in this regard.

In short, the primary defense against ransomware lies in implementing a robust digital strategy. It is simply the digital version of the popular adage that “prevention is better than cure.” Ransomware prevention guides recommend modernizing technology and constantly updating systems and programs. Proactive monitoring and the establishment of alert systems for detecting issues can prove to be immensely beneficial.

Among the recommendations on how to combat ransomware, having a recovery strategy in place is equally crucial. This strategy aids in reactivating the city in the event that, despite all efforts, the attack is successful. Equally important is separating systems based on their condition. By segregating more critical systems from those that are less so, makes them more inaccessible.

Both expert security firms and law enforcement agencies emphasize that cities should never pay cybercriminals. Succumbing to extortion does not guarantee resolution of the problem. Despite all efforts, cybercriminals may still choose to publish the data, and it potentially invites further attacks as they realize the effectiveness of their tactics.

Image | Just Super

Related content

Recommended profiles for you

MS
Marcelo Szeer
Vianet telecomunicações e Internet
Ceo
WA
Wilman Aldean
Emseguridad
Coordinador Operativo Logístico
CK
Christof Kraka
BKS GmbH
Pre sales engineer
JJ
Jon Jaureguibeitia
Gobierno Vasco - Dept. Seguridad
IT Projects Chief.
AA
asdasd asdasd
universidad
MM
Marcos Cruz Molina Marcos
Municipio Vega Baja
CZ
Cheng Zhao Lin
Hong Kong Polytechnic University
PF
Pablo Filomeno
Feeder
Co-Founder & CEO
ME
Marc Enciso
Fira de Barcelona
Senior Architect
LA
Lawrence Agbemabiese
Planning and Policy Associates LLC
JC
Jorge Conejero Alberzoni
Lenovo
AA
Anniina Autero
City of Tampere
Project Manager EU/UIA Smart urban security and event resilience SURE-project 2019-2022
​K
​Noël Kennedy
TUBR
RN
Rumy Narayan
University of Vaasa
PR
Patrick Riota
Campo Verde
CSR
LI
Leila Irajifar
RMIT University
Lecturer
FF
Flavia flaa
school
ML
MARIO LAOS
NATIONAL INSTITUTE OF NEOPLASTIC DISEASE FROM PERU
ENVIRONMENTAL ENGINEERING SPECIALIST
MM
Marcos Mendiola
everis Aerospace, Defense & Security
Product & Presales Leader
JM
John Manning
Microsoft
Marketing and messaging SME