As the number of municipalities hit with ransomware attacks rises, public records researchers may be faced with the question of what to do when the material you need to access simply isn’t available.
The attacks to date have varied in their severity and the extent to which attackers were able to deny access to public records. In Jackson County, Georgia county officials opted to pay $400,000 to attackers after county computer systems were “crippled” and, according to county officials, would have taken months to restore. In Albany, New York a March 2019 ransomware attack knocked police and vital records (birth, death and marriage) offline but the extent of the damage was otherwise limited. The Baltimore (Maryland) City Council recently authorized $20 million to pay consultants and other professionals helping the city recover from a May attack.
Just as the severity of the attacks runs the gamut so will the ability of researchers to respond and continue working. As of this writing, it seems that attackers are most often seeking to deny access to systems tied to revenue generation (e.g., utility billing systems, vital records reproduction). These are not areas that researchers will often need to access. As they attempt to deny access to revenue generating systems, attackers are also, however, seeking to cripple communications so requests for municipal e-mails could be dramatically delayed. As unsatisfying as it is, the answer to the access question will depend on which municipal resources have been taken offline and whether the affected municipality created a protected back-up. Stay tuned.