Author | Raquel C. Pico

In the list of cybersecurity threats, ransomware has emerged as one of the most rapidly expanding in recent years. New statistics indicate an annual increase of 42% in ransomware cases, elevating it to one of the foremost concerns for urban IT managers.

In order to gain a complete understanding of what constitutes a ransomware attack, we need to first understand two key issues. One crucial aspect is the paramount significance of data, which has solidified its position as the cornerstone upon which an increasing number of everyday elements rely. Another is the impact of losing control over this information, which can result in legal, economic, and reputational repercussions.

Cybercriminals utilize malware as their primary tool, exploiting security breaches, sometimes as simple as human errors, to gain control over systems. Subsequently, they issue threats to either delete the information or make it public if a ransom payment is not made. During this process, the systems remain effectively blocked, rendering everything dependent on them inoperative. Consequently, for cities, it comparable to having the lights abruptly switched off, forcing people to operate in darkness,

Cities that have fallen victim to ransomware

Cities are not the only victims of ransomware. The spectrum of potential targets that cybercriminals have in mind ranges from private companies, including SMEs and major corporations, as well as highly sensitive entities like hospitals. The cyberattack on the Hospital Clínic in Barcelona in 2023 is a recent example.

Nonetheless, as highlighted in an analysis published by the World Economic Forum, cities present a particularly easy target for cybercriminals due to operational vulnerabilities. Cities often lag behind private companies in terms of the digital transition, which increases the likelihood of their systems being outdated in an environment where an increasing number of elements are being digitized.

Hence this issue is impacting towns and cities of all sizes worldwide. The most notable cases have occurred in medium to large cities, as the urban scale entails a larger number of potential victims and greater potential effects. In light of this situation, cybercriminals exert greater pressure on their victims.

An attack in Dallas rendered numerous municipal departments inoperative, forcing authorities to manage emergencies using analog methods. The same occurred in Oakland, where residents’ and municipal personnel’s data ended up being published on the dark web. A few years ago, ransomware incidents caused electricity supply interruptions in Johannesburg and disrupted Dublin’s tram system.

How to ensure protection against ransomware

Despite the potential risks posed by these attacks, cities cannot afford to shun digitalization as a means to avoid them. A robust ransomware defense and a comprehensive digital strategy are essential for preventing such issues.

Just as cities develop physical security strategies, they must also prioritize the development of digital security measures. Cities must implement cyber-resilience strategies, establish specialized teams, and provide comprehensive education to personnel to mitigate human error, and understand and adapt to the evolving challenges of the 21st century in the municipal landscape. Today’s urbanism is already digital.

This is why it is often said that smart cities are better prepared to manage these situations compared to non-smart cities, since their IT tools and their systems are consistently monitoring and functioning. Cities are typically not showcased as success stories when it comes to detailing their efforts to combat potential cyberattacks. However, the inherent nature of smart cities is what gives them strength in this regard.

In short, the primary defense against ransomware lies in implementing a robust digital strategy. It is simply the digital version of the popular adage that “prevention is better than cure.” Ransomware prevention guides recommend modernizing technology and constantly updating systems and programs. Proactive monitoring and the establishment of alert systems for detecting issues can prove to be immensely beneficial.

Among the recommendations on how to combat ransomware, having a recovery strategy in place is equally crucial. This strategy aids in reactivating the city in the event that, despite all efforts, the attack is successful. Equally important is separating systems based on their condition. By segregating more critical systems from those that are less so, makes them more inaccessible.

Both expert security firms and law enforcement agencies emphasize that cities should never pay cybercriminals. Succumbing to extortion does not guarantee resolution of the problem. Despite all efforts, cybercriminals may still choose to publish the data, and it potentially invites further attacks as they realize the effectiveness of their tactics.

Image | Just Super