When a ransomware attack hit a major U.S. city this past February, the attackers threatened to release sensitive personal information if their demands weren’t met. Soon enough, the group released 10 gigabytes of data. In April, the still-unpaid ransomware attackers dumped another 600 gigabytes of data including social security numbers, home addresses, and medical data belonging to thousands of current and former city workers and confidential information related to city residents.

In the aftermath of the attack, the city administrator declared a state of emergency to speed up the data restoration process, but either unable or unwilling to meet the ransom demand, the city is now faced with the massive task of notifying and answering to thousands of people impacted by the breach.

Already, the city’s Police Officers’ Association has filed a claim against the city for damages inflicted by the attack, seeking financial restitution, credit and bank monitoring and identity theft insurance. Other organizations and individuals are sure to follow.

Municipalities are a priority ransomware target

Municipalities Are a Priority Ransomware Target

This incident is one of many massive ransomware attacks to make headlines over the past several months. Verizon reports a dramatic surge in ransomware in 2022 — a quarter of all breaches for the year originated with this method. Meanwhile, as Sophos reports in its “State of Ransomware 2022” report, ransomware impacted 66% of organizations in 2021, an increase of nearly 80% over the prior year.

Municipalities, in particular, are increasingly being targeted by ransomware attackers. A recent report showed that ransomware attacks on local governments increased by 70% for 34-58% of those surveyed, and that those attacks were more expensive than ever, with five- and six-digit ransom demands becoming the norm.

Why Bad Actors Focus Their Cyberthreats on Government Entities

While the recent attack seems to have focused mostly on employee records, attacks on cities can pose serious, potentially fatal risks. Vital services are at risk, including power grids, water treatment facilities and emergency response networks. There are a few key reasons why ransomware attackers are training their weapons on government entities:

  • Cities often operate outdated, legacy systems more vulnerable to attack and more prone to false positive flags requiring manual analysis
  • Municipal budgets are typically quite limited, leaving gaps in cybersecurity coverage

City of Phoenix

How MixMode Improved the City of Phoenix’s Cybersecurity Posture

The City of Phoenix’s cybersecurity leaders, CISO Shannon Lawson and Deputy CISO Mitchell Kohlbecker, have been at the forefront of adopting new technology to solve the fundamental problem perplexing cybersecurity leaders everywhere:

How can we reduce our ever-expanding, costly and inefficient cyber tool footprint while also increasing the effectiveness of our cyber defenses and the productivity of our lean SOC team?

Lawson recounts 15 years spent trying to implement a robust cyber defense capable of surfacing increasingly sophisticated threats in real-time with the least amount of maintenance and cost, a problem that has only widened with the expansion of cloud utilization and increasing network complexities. “The good guys have fallen too far behind the advanced threat actors,” Lawson notes.

MixMode worked with the City of Phoenix’s cybersecurity team to deploy a next-generation SOC platform using Self-Learning Artificial Intelligence to enable real-time visibility into all threats and anomalies in their network, both known and novel (like zero-days), consolidate their legacy toolset, and improve the productivity of their SOC team.

Kohlbecker adds, “The MixMode platform was live and delivering insights other platforms had missed within 24 hours.”

Learn how the City of Phoenix cut its cyber tool footprint in half, gained visibility into advanced foreign adversary attacks, and greatly improved the productivity of its SOC staff.

Other MixMode Articles You Might Like

The 2 Questions Cybersecurity Clients Ask the Most When Seeking a Trustworthy Provider

Delivering Generative AI to Cybersecurity for Over 3 Years

MixMode Selects CrowdStrike as Cybersecurity Partner, Joins CrowdStrike Elevate Partner Program

How the City of Phoenix Rapidly Modernized its Cybersecurity Defenses

A Recent 45% Surge in Ransomware Attacks Has Cybersecurity Community on High Alert

Latest Mass Ransomware Attack May Mark New, Slow-Rolling Approach By Threat Actors