Yesterday I wrote a pointed blog post about ransomware (Don’t Suck – Stop Paying Ransoms) and how it ticks me off when people pay a ransom to an attacker. This morning we recorded episode 33 of the UNSECURITY Podcast about the same subject. During the discussion with Brad on the show, I made the comment that I was going to email my local government officials to inquire about how they will avoid the same mistakes that the City of Baltimore and the City of Riviera Beach made.
Here’s the email that I wrote. I encourage you to write your local government officials too. Accountability is good for everyone.
I sent this email to my City Administrator and the County Administrator where I live.
Dear <INSERT NAME>,
Hope you are well.
I’ve been a resident of <CITY/COUNTY> since <YEAR>.
I have a quick question for you. How can you assure me and other city residents that the <CITY/COUNTY> has taken the appropriate measures to protect its systems and data from a ransomware attack? I ask because there has been a rash of ransomware attacks that have hit city government recently. The most current ones are the City of Baltimore (https://arstechnica.com/information-technology/2019/06/a-tale-of-two-cities-why-ransomware-will-just-get-worse/) and the City of Riviera Beach (https://www.palmbeachpost.com/news/20190621/in-depth-how-riviera-beach-left-door-wide-open-for-hackers). As a citizen, I hope we’ve planned well and will not pay a ransom if/when an attack were to occur. Although I work in the information security field, I have no interest in selling anything. Just a concerned/interested citizen is all.
Thank you for making <CITY/COUNTY> a great place to live!
I’m sharing this because I hope it will motivate you to do the same thing in your city and/or county. Please be helpful, respectful, and courteous. Once I get an answer back, I will probably offer free help. We’ll see.