As More Governments Get Hacked, Concerns Grow Over Mounting Costs

The ransom hackers demand is typically much smaller than what it costs governments to respond.

As recent headlines would suggest, states and localities are increasingly under threat of ransomware assaults like the one on Atlanta in late March. But when it comes to the financial ramifications, the cheapest part of the whole affair is the ransom itself.

In the case of Atlanta, hackers demanded $51,000 in Bitcoin. Officials have not said whether they paid the ransom or not, but in the days following the March 22 attack, Atlanta entered into emergency contracts worth $2.7 million to help restore the city’s computer network.

What's more, much of the system is still down. The city still can’t collect water and sewer payments online. These kinds of delays add up, says S&P Global Ratings analyst Geoff Buswick. “The longer it goes on,” he says, “the more [likely Atlanta is to] waive fees or take other measures. So the question becomes how long can they go without being able to collect revenue normally.”

Atlanta is far from the only government to be attacked. The Colorado Department of Transportation spent $1.5 million to get its computers back up and running after ransomware attacks in February and March. In 2016, San Francisco’s light rail system was hit by ransomware and, rather than pay, let residents ride for free until it could recover access to its network.

Maybe because of the unforeseen costs of such an attack, some places just opt to pay the ransom. Last week, the town of Leominster, Mass., paid $10,000 in Bitcoin to regain control of its school district computer system.

The financial impact and how governments respond to these events have municipal analysts taking notice. The case of Atlanta is particularly disturbing because of the size of the city and the length of time some systems have been down. “Right now, I’m trying to figure out how to deal with [cyber risk],” says Tom Kozlik, a municipal bond strategist for PNC Capital Markets. “I think a lot depends on how issuers defend themselves, and on if hackers continue to target these entities with increasing severity.”

Meanwhile, the attacks on governments are becoming more sophisticated. Buswick notes that the ransomware attack on Atlanta didn't employ the typical phishing scam, which relies on a city employee to open an email and click on a link or document that, in turn, gives hackers access to a system. In this event, the hackers were able to gain access to the city’s system thanks to password-generating software.

“That’s a concern because that’s different,” says Buswick. “Now, you can just be hit.”

Liz Farmer is a former GOVERNING fiscal policy writer.