  • NMSG

Ransacked by Ransomware

Updated: Dec 17, 2019

The technological future of our cities is in equal parts predicated on intelligence and efficiency, otherwise known as being SMART. City-regional planners and elected officials, with good intent, are focused on improving key areas of city life, like the optimal distribution of power and water. Smart grids are even being developed that can prioritize power flow to areas of high demand and/or scale back supply from places that do not require as much.

With significant increases in the installation of things like traffic cameras, meters, and sensors across US cities, the number of vulnerabilities, and by extension the network attack surface, naturally expands as well.

Take for instance the NotPetya malware that proliferated across Ukraine's power grid in 2017, which subsequently left more than 225,0000 people without power. This and other kinds of freely accessible malicious software could conceivably disable our power plants, hospitals, waste management, transportation, and traffic systems. Ransomware attacks this year alone have hit:

  1. San Francisco

  2. Dallas

  3. Atlanta

  4. Baltimore

  5. Pensacola

  6. New Orleans

And these are just some of the attacks that we know about.

One particular strain of ransomware, called Ryuk, has this year alone been found in over 500 separate attacks on schools and hospitals. Ryuk waits until it has spread across the entire target network before encrypting files, computers, and communications. It has also become apparent that threat actors are steadily increasing the amount it costs to decrypt ransomed data.

Are US Cities Under Siege?

San Francisco

The Municipal Transportation Agency's files were locked by ransomware, with the attackers demanding over $70,000 as payment. This resulted in the system being shut down over Thanksgiving weekend, but engineers were ultimately able to restore the system and no ransom was paid.


Dallas

More than 150 municipal alarms awakened residents at approximately midnight when attackers accessed the network, which resulted in around 4,400 calls to emergency services for a solid three hours.


Atlanta

Ransomware ground the city to a halt. Services impacted included bill payment, court scheduling and police dashboard cameras. Although the city refused to pay a ransom of roughly $51,000, Atlanta Mayor Keisha Lance Bottoms "estimated the cost of repairs at around $7.2 million and said she expected that number to rise".


Baltimore

Municipal servers in Baltimore fell to the RobbinHood ransomware. Attackers demanded a ransom of approximately $76,000, but the city refused to pay. Public services were down for about three weeks, and officials have "estimated the cost of repairing the damage at around $18 million".


Pensacola

This city suffered a cyber-attack on the same day as a mass shooting. The attack (although later determined to be unrelated to the shooting) shut down much of the city's computer network, phones, and email at City Hall. According to the mayor, payments for the city's sanitation and energy services along with 311 customer services were also affected.

New Orleans

This attack resulted in computers going offline, offices closed, and city government's websites down. According to local reports, the New Orleans Police Department was also told to shut down their computer equipment and remove everything from the network. Additionally, the Office of Motor Vehicle locations were closed for weeks.

Defending Forward

In efforts to establish a stronger and more resilient security posture, here are three best practices employed by various security teams responsible for protecting US cities:

Encryption and Segmentation

Anything being sent over networks should be encrypted -- it's just that simple. And cities also should make sure that not all services are on the same network.

Anonymity and Destruction

Some cities are anonymizing their data and destroying footage collected immediately after analysis.

Capacity and Continuous Monitoring

In New York, for instance, there are environments dedicated solely to examining Internet of Things devices, their performance, and vulnerabilities.

