Wednesday, September 18, 2019

Hackers paralyze communities by targeting regional providers that handle local gov't computer services

Local governments, utilities, and small- to mid-sized organizations and businesses have been increasingly hit over the past few years by cybercriminals who hack into computer systems, lock the files, and demand a ransom for unlocking them. Now, the hackers have a new target: the managed service providers that handle computer systems for local governments, medical clinics and more in the region, Renee Dudley reports for ProPublica.

MSPs chiefly market themselves on cost savings; they can be an attractive prospect for small towns and businesses that lack the funds to hire experienced IT staff. "While many MSPs offer reliable support and data storage, others have proven inexperienced or understaffed, unable to defend their own computer systems or help clients salvage files," Dudley reports. As a result, cybercriminals profit by infiltrating dozens of businesses or public agencies with a single attack, while the beleaguered MSPs and their incapacitated clients squabble over who should pay the ransom or recovery costs."

In 2019 alone, thousands of small businesses and public agencies have been hit by hackers via MSP attacks. MSPs that provide inadequate service help increase the likelihood of such cyberattacks. "By failing to provide clients with reliable backups or to maintain their own cybersecurity, and in some cases paying ransoms when alternatives are available, they may in effect reward criminals and give them an incentive to strike again," Dudley reports. A Federal Bureau of Investigations spokesperson told Dudley that hackers know MSPs are likely to pay the ransom so they won't lose business.

No comments: