Read the book Cyber Mayday and the Day After - Daniel Lohrmann - Page 17
LIKE A BAD PENNY
From 2018 through 2019, ransomware attacks continued to accelerate in number and sophistication across the United States, targeting hospitals, state and local governments, and schools, causing major operational disruptions and financial impact. New York was not exempt.
On Saturday, March 30, 2019, the government cyber response team received a call from the City of Albany, which had experienced a major ransomware attack. Servers and workstations had been encrypted, resulting in significant operational impact across multiple systems and services. The attackers were demanding payment in Bitcoin to unlock systems. The City had engaged law enforcement, and FBI investigators were onsite. Within 30 minutes, the Cyber Command Center CIRT team members were onsite, helping City IT staff and the FBI with critical response actions and forensics.
City officials coordinated response and communications as the investigation and recovery efforts unfolded. The complex interdependencies between systems, data, critical functions, and services that incidents reveal never fail to amaze. Fully understanding these connections and program touchpoints in advance is critical, including linkages to county and state agencies' systems, potential collateral impact on program services, and related third-party dependencies.
New York's comprehensive whole-of-state cyber response protocol ensured coordinated state response efforts across state agencies. Emergency management alerted and assisted state agencies, such as the Department of Health, with connected systems and business processes and the impact on vital records. Routine executive briefings and the rapid exchange of information assured updates and sharing of available cyber threat intelligence with executives and participating agencies, including the New York State Intelligence Center, Division of Homeland and Emergency Security Services, and the Multi-State Information and Analysis Center (MS-ISAC).
While the attack temporarily disabled some city systems, backups of critical systems enabled recovery, and no ransom was paid. Reportedly, costs associated with remediation and recovery were roughly $300,000, for hardware, software, insurance, and other measures to increase the security and resiliency of the city's systems.2
In August 2019, the New York Times reported that more than 40 municipalities were victims of cyberattacks – from major cities such as Baltimore, Albany, and Laredo, Texas, to smaller towns including Lake City, Florida, one of the few cities to pay the ransom demand – about $460,000 in Bitcoin – because it determined that rebuilding its systems would be even more costly.3