In the early hours of Tuesday morning, city officials in Las Vegas were alerted that their computer network had suffered a security breach.
Details are currently scarce, with a post from the city’s official Twitter account merely confirming that an incident occurred and that it is being investigated.
We experienced a cyber compromise at 4:30 a.m. Tuesday. Our IT team is assessing the extent of the compromise. When aware of the attempt, we immediately took steps to protect our data systems. We will have a clearer picture of the extent of the compromise over the next 24 hours.
— City of Las Vegas (@CityOfLasVegas) January 8, 2020
Inevitably there will be concerns that Las Vegas may be the latest in a line of cities to suffer from a ransomware attack.
Recent months have seen a spate of US states and cities struck by ransomware, some of which have resulted in criminal gangs successfully extorting ransom payments amounting to millions of dollars.
Of course, one of the big problems with giving in to an extortionist’s ransomware demand is that you run the risk of encouraging other criminals to launch similar attacks.
If it is a ransomware attack that has hit Las Vegas then the cybercriminals may be out of luck if they’re hoping that the city will pay up.
In July last year, Las Vegas’s mayor was a driving force behind a resolution from the United States Conference of Mayors (USCM), agreeing to “stand united against paying ransoms in the event of an IT security breach.”
According to an article in The Las Vegas Review Journal, the city fends off an average of 279,000 attempts to breach its systems every month.
“A lot of people out there… are trying to open that cyber door,” says city spokesperson David Riggleman.
Let’s hope that whatever type of security breach has happened on Las Vegas’s city network it is not as painful as the one which crippled the city of Baltimore last year, where the mayor refused to pay a US $76,000 ransomware demand only to find out that his IT team’s idea of a data backup would be laughable if it wasn’t so woeful.
You learn more about Baltimore’s embarrassing response to its ransomware attack, in this episode of the “Smashing Security podcast:
Baltimore’s Mayor Bernard C. “Jack” Young was a fellow sponsor of the USCM resolution to not pay ransomware extortionists.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.