Lessons Learned from Cleveland City Hall Cyber Attack

July 10, 2024

Last month, Cleveland City Hall shut down due to what it initially described as a “cyber incident,” which was later explained as a ransomware attack. Many of the functions provided by City Hall stopped or significantly slowed, leaving residents and employees frustrated. It wasn’t until a week later that City Hall reopened. According to reports, the attackers were associated with a Russian cybercriminal ring that has attacked other municipalities.

What is a Ransomware Attack?

So, what is a ransomware attack?  According to the National Institute of Standards and Technology, “[r]ansomware is a type of malware that encrypts an organization’s data and demands payment as a condition of restoring access to that data. Ransomware can also be used to steal an organization’s information and demand additional payment in return for not disclosing the information to authorities, competitors, or the public. Ransomware attacks target the organization’s data or critical infrastructure, disrupting or halting operations and posing a dilemma for management: pay the ransom and hope that the attackers keep their word about restoring access and not disclosing data, or do not pay the ransom and attempt to restore operations themselves.”

What sets ransomware attacks apart from other cyber-attacks is that the ransomware attackers want you to know what they have done and what information they have taken.  The point is, the ransomware attackers want to hold private information hostage in exchange for money. Other cybercriminals may not even want you to know your information has been compromised so that they can use your information without you knowing .

How to Prevent a Ransomware attack

Because ransomware attacks are so harmful and can be (and are often intended to be) embarrassing, businesses should take extra caution to protect against ransomware attacks. Here are some things companies should do immediately to help prevent ransomware attacks.

  • Avoid opening suspicious emails or clicking on links or files that are uncertain—these may be phishing scams or malware attacks.
  • Ensure your company has the latest antivirus software installed and keep it updated.
  • Conduct regular system tests and promptly patch any known vulnerabilities.
  • Ensure employees use work-issued computers and devices solely for work purposes.
  • Employ qualified, dedicated IT professionals or use a trusted vendor and maintain close communication.
  • Utilize anti-malware software to detect and respond promptly to known threats.
  • Maintain backups of critical data and systems to ensure business continuity in case of an attack.
  • Implement multi-factor authentication for accessing work laptops, smartphones, and other devices.
  • Encrypt confidential information and restrict access to authorized personnel only.
  • Develop an incident response plan involving trusted advisors such as your IT team, insurance agent, and attorneys.

Bottom line, cyber-attacks are a fact of life. We do what we can to prevent them, but sometimes the best preparations are not enough.  The most important thing to keep in mind in responding to a cyber-attack is not to panic and to immediately contact your trusted advisors for help.  You are not alone in this fight. KJK is here to help. For assistance navigating a cyber-attack, please contact KJK Cyber Security & Data Breach attorney Michael Hoenig (MHD@kjk.com, 216.736.7247).