PITTSBURGH (KDKA) — The City of Pittsburgh is talking about cyber security in light of the ransomware attack that knocked the city of Baltimore offline.
KDKA wanted to find out, just how prepared is the Steel City in the face of a hypothetical attack?
“We are recognized globally as one of the top cyber security cities in the world,” said Mayor Bill Peduto.
KDKA’s Meghan Schiller talked one-on-one with Mayor Peduto on Wednesday afternoon about the threat of an attack. He said it is a topic that comes up at mayoral conferences year-round.
“We’ve never been in a situation where we have been held hostage like the city of Baltimore is being held hostage, and we do not have an account if that were ever to happen. So there would be no money that we would ever pay,” said Mayor Peduto.
Mayor Peduto said there is not “money set aside” in case this situation occurs, but he would never pay ransom in order to get the city’s services back online.
When Baltimore’s city services were crippled by an attack, the hackers demanded at least $100,000. The city’s leadership has said the city will not pay.
“I feel like you’re not supposed to, right? Doesn’t it incentivize the behavior?” said Alberto Namnum, tourist visiting Pittsburgh. “Aren’t we not allowed to negotiate with terrorists?”
“We don’t pay ransom,” said Richard Greenberg, Pittsburgh resident. “We don’t pay ransom because if we do, that means they can get more money from somebody else.”
And the FBI says that’s the correct line of thinking when dealing with these cyber attacks.
“We don’t advocate paying for a number of reasons. Number one, the revictimization,” said Michael McKeown, Supervisory Special Agent, FBI Pittsburgh. “In other words if you pay and you’re getting decrypted, then they might come back because you paid the first time. Second, it could hurt the industry, the sector that you’re in.”
McKeown said the city of Pittsburgh, and regular people, need to position themselves in a way that an attack wouldn’t cause mass destruction. He suggested creating several backups for files, creating strong passwords, and not connecting all of your systems.
He said if a city has its police, fire and EMS systems connected, it will be easier for an issue to spread quickly with one wrong click.
“If someone falls victim to a phishing scam and it gets in and it moves laterally through the city’s connected networks,” said McKeown.
- Click here to learn how a business owner can report an attack to the FBI, along with information on how to protect yourself from cyber attacks.
Mayor Peduto remembers the last time the city got hit.
“Yeah, back when I was on city council, twice the city had been attacked. The information of the city employees was taken, our social security numbers, our addresses,” said Mayor Peduto.
That’s why he said the city works with leaders in the field to revamp the systems daily and even try to hack the system and expose vulnerabilities.
“We have people that are monitoring it daily and others that are advising us where our weaknesses may be,” said Mayor Peduto.
And the FBI wants business owners to know an IT staff is likely worth the investment when it comes to protecting a company’s information.
“If you have IT staff on site or you hire somebody, that’d be excellent,” said McKeown. “They can help you keep your backups in a good location and also periodically patch your system so you’re less vulnerable to ransomware.”