In Wichita, Kansas, a ransomware attack caused the largest city in the state to shut down some of its services to prevent further spread of the malware.
Affected services included IT systems, public Wi-Fi, the city phone system, court payments, and public transportation. The city had to resort to cash transactions.
The plan was to restore systems in a staggered fashion to minimize disruptions, but no timetable was given as to when several city systems would be operational.
The city decided not to disclose the threat actors responsible for the attack for "operational security purposes," and is not disclosing what data the cybercriminals gained access to.
Rashmi Ramesh "Ransomware Attack Shuts Down Kansas City Systems" https://www.govinfosecurity.com/ransomware-attack-shuts-down-kansas-city-systems-a-25143 (May 09, 2024).
Commentary and Checklist
Ransomware attacks are increasing and government entities (and public colleges) are paying the most, according to a Business Insider article, citing a report by Sophos, a UK-based software security company.
The lowest median ransom payment for organizations in general was $300,000, while government agencies (and colleges) posted the highest with a median of $6.6M.
More than 1,000 of the surveyed organizations report they paid the demanded ransom.
https://www.businessinsider.com/government-agencies-are-paying-the-most-for-ransomware-attacks-2024-7; https://www.sophos.com/en-us/content/state-of-ransomware
One of the most effective means of recovering from a ransomware attack without paying ransom is to have, and enforce, a mandatory data backup policy.
What should government entities consider including in their backup policies?
- The backup policy should be mandatory and monitored for compliance.
- Require incremental backups throughout the day, as well as full backups nightly.
- Cross-train multiple personnel on making backups, to cover for those who are on PTO, or in the event of illness or death.
- Make a plan for testing the integrity of the backed-up data that simulates restoration after a malware incident or a hardware failure.
- Choose a variety of backup methods and storage locations, including both cloud and hard drives.
- As for hard drive backups, store them in at least two different locations - never have only one physical location. No single server, office, or building should house all backup copies because of potential catastrophic losses like theft, fire, flood, earthquake, etc.