Michael Beat Partner Velvet Johnson was quoted in Insurance Business America’s article, “US Towns Are Being Hit with Cyber Demands – Did Yours Make The List?” on July 30, 2018.

“The cyberattack that crippled Atlanta earlier this year may have been one of the more noteworthy hacks of a public entity, but the Georgia state capital certainly hasn’t been the only city targeted by cyber criminals in recent months – or even the one with the biggest ransom demand.

The Wall Street Journal reported in June that even smaller American cities haven’t slipped past the hungry eyes of hackers, and some of them have received much higher ransom requests – generally made in bitcoin and converted to reflect an approximate figure in dollars – than the $51,000 demanded by Atlanta’s hackers.

Other experts agree with those suspicions, though it’s also the specific data these public entities store that makes them vulnerable to attack.

“Normally, they store copious amounts of data on citizens, whether it’s tax records, property tax information, social security numbers,” said Velvet Johnson, an attorney in Michael Best’s privacy and cybersecurity group, adding, “A lot of these cities, local government, municipalities, they just don’t have the funding to invest in cyber security so they really haven’t hardened their infrastructure, which makes them a very easy target.”

Hackers who go after smaller public entities are aiming for quantity, not quality. They’re operating on volume, according to Johnson, which is easy to see when you look at the sizes of the demands. For instance, Licking County in Ohio was targeted in early 2017 with a ransom demand of $50,000, while Leeds got a demand for $12,000, of which $8,000 was paid. The end goal for the small public entity hacker is to actually get the money and not bankrupt a town or library.”