Ransomware is a growing threat in cities: How are they defending themselves?
This article is also available here in Spanish.

Ransomware is a growing threat in cities: How are they defending themselves?

My list

Author | Raquel C. Pico

In the list of cybersecurity threats, ransomware has emerged as one of the most rapidly expanding in recent years. New statistics indicate an annual increase of 42% in ransomware cases, elevating it to one of the foremost concerns for urban IT managers.

In order to gain a complete understanding of what constitutes a ransomware attack, we need to first understand two key issues. One crucial aspect is the paramount significance of data, which has solidified its position as the cornerstone upon which an increasing number of everyday elements rely. Another is the impact of losing control over this information, which can result in legal, economic, and reputational repercussions.

Cybercriminals utilize malware as their primary tool, exploiting security breaches, sometimes as simple as human errors, to gain control over systems. Subsequently, they issue threats to either delete the information or make it public if a ransom payment is not made. During this process, the systems remain effectively blocked, rendering everything dependent on them inoperative. Consequently, for cities, it comparable to having the lights abruptly switched off, forcing people to operate in darkness,

Cities that have fallen victim to ransomware

Cities are not the only victims of ransomware. The spectrum of potential targets that cybercriminals have in mind ranges from private companies, including SMEs and major corporations, as well as highly sensitive entities like hospitals. The cyberattack on the Hospital Clínic in Barcelona in 2023 is a recent example.

Nonetheless, as highlighted in an analysis published by the World Economic Forum, cities present a particularly easy target for cybercriminals due to operational vulnerabilities. Cities often lag behind private companies in terms of the digital transition, which increases the likelihood of their systems being outdated in an environment where an increasing number of elements are being digitized.

Hence this issue is impacting towns and cities of all sizes worldwide. The most notable cases have occurred in medium to large cities, as the urban scale entails a larger number of potential victims and greater potential effects. In light of this situation, cybercriminals exert greater pressure on their victims.

An attack in Dallas rendered numerous municipal departments inoperative, forcing authorities to manage emergencies using analog methods. The same occurred in Oakland, where residents’ and municipal personnel’s data ended up being published on the dark web. A few years ago, ransomware incidents caused electricity supply interruptions in Johannesburg and disrupted Dublin’s tram system.

How to ensure protection against ransomware

Despite the potential risks posed by these attacks, cities cannot afford to shun digitalization as a means to avoid them. A robust ransomware defense and a comprehensive digital strategy are essential for preventing such issues.

Just as cities develop physical security strategies, they must also prioritize the development of digital security measures. Cities must implement cyber-resilience strategies, establish specialized teams, and provide comprehensive education to personnel to mitigate human error, and understand and adapt to the evolving challenges of the 21st century in the municipal landscape. Today’s urbanism is already digital.

This is why it is often said that smart cities are better prepared to manage these situations compared to non-smart cities, since their IT tools and their systems are consistently monitoring and functioning. Cities are typically not showcased as success stories when it comes to detailing their efforts to combat potential cyberattacks. However, the inherent nature of smart cities is what gives them strength in this regard.

In short, the primary defense against ransomware lies in implementing a robust digital strategy. It is simply the digital version of the popular adage that “prevention is better than cure.” Ransomware prevention guides recommend modernizing technology and constantly updating systems and programs. Proactive monitoring and the establishment of alert systems for detecting issues can prove to be immensely beneficial.

Among the recommendations on how to combat ransomware, having a recovery strategy in place is equally crucial. This strategy aids in reactivating the city in the event that, despite all efforts, the attack is successful. Equally important is separating systems based on their condition. By segregating more critical systems from those that are less so, makes them more inaccessible.

Both expert security firms and law enforcement agencies emphasize that cities should never pay cybercriminals. Succumbing to extortion does not guarantee resolution of the problem. Despite all efforts, cybercriminals may still choose to publish the data, and it potentially invites further attacks as they realize the effectiveness of their tactics.

Image | Just Super

Related content

Recommended profiles for you

PM
Paulo Marques Augusto
Cascais Próxima E.M.,S.A.
MG
Miguel García
CIS Benchmark Acreditación STAR de la CSA Certificación STAR de la CSA CSA-evaluación automática en estrella ISO 20000-1:2011 ISO 22301 ISO 27001 ISO Global 27017 ISO 27018 ISO 27701 ISO 9001 SOC WCAG Gobierno de Estados Unidos CJIS CNSSI 1253 DFARS DoD DISA L2, L4, L5 DoE 10 CFR Parte 810 EAR (ADM. de exportación de EE. UU.) FedRAMP Gobierno de Estados Unidos FIPS 140-2 IRS 1075 ITAR NIST 800-171 NIST CSF VPATS según Capítulo 508
Dueño
BO
Bernard Oosterbeek
Nuntius Tecnologia
General Manager
KL
Ken Leis
Leisure Lawn and Green
KB
Karin Beckérus
Sparks & Benders
SS
Saubhagyajeet Sahoo
DRIEMS Group Of Institutuion
Student
MA
Manuel Ayala
Praga Technology SAC
Manager
SF
Silvio Foschi
iMoi Srl
Chief Operation Officer
TW
Toru Wakagi
SonySemiconductorSolutionsCorporation
GP
Giovanni Palombini
A2A SMART CITY
PS
prince siddharth
Adani Power
Engineer
DS
Dmitry Streltsov
Axis Communications, Eastern Europe
Business Development Manager, Eastern Europe
DS
Dieter Segers
Stad Genk
JB
Jan Berka
Siemens
Sr. Solution architect of Smart Campus/City, overseeing projects in Middle East and Asia.
AG
Antonio Gómez
Neoico MGA
I amb desig solucions
LG
Ljupco Gruevski
Pro grupa doo
SJ
Sivaram J
Kongu
Student
JP
Javier Pineda
So Lighting S.à.r.l.
JH
Jhonatan Angel Huarca Limachi
CYMTEL S.A.C
DC
Deborah Chiriboga
AVanter