Dive Brief:

• City of Las Vegas officials confirmed on Twitter that the city experienced a cyberattack around 4:30 a.m. PT on Tuesday.

  We experienced a cyber compromise at 4:30 a.m. Tuesday. Our IT team is assessing the extent of the compromise. When aware of the attempt, we immediately took steps to protect our data systems. We will have a clearer picture of the extent of the compromise over the next 24 hours.

  — City of Las Vegas (@CityOfLasVegas) January 8, 2020

• On Wednesday, the city posted that it resumed full operations and all data systems were working normally. It does not believe any data was stolen. The city is not sure who carried out the attack, but is continuing to investigate.
• This attack occurred as hundreds of thousands of tech-minded visitors are in town to attend CES.

Dive Insight:

If ongoing analysis definitively concludes that no data left the system, Las Vegas will have fared far better than other cities do after cyberattacks. Last month, New Orleans declared a state of emergency due to a cyberattack and incurred about $1 million in costs in just one week. Atlanta suffered a ransomware attack nearly two years ago that crippled many city operations, resulted in permanently lost data and racked up nearly $3 million in recovery costs in just two weeks. Dozens of other cities have found themselves in the same boat.

Cities of all sizes are falling victim to ransomware attacks more frequently than a few years ago, according to a report from cybersecurity company Recorded Future. The report explains that cities typically are not the intended targets and the breaches tend to be crimes of opportunity. Attackers set out trying to expose and leverage any entity's weak cybersecurity practices and they do not discover that they cracked a government's system until they're in.

This knowledge and the frequency of local government attacks — plus the many that aren't acknowledged publicly — suggests that cities are a weak link in the cybersecurity landscape. It underscores the importance of establishing strong security measures, especially when citizens' personal information could be at risk.

Government cyber breaches often come in the form of ransomware attacks. City employees and leaders then are faced with the decision of whether or not to pay on the chance the attackers will release the captive data. Riviera Beach, FL and Lake City, FL each paid roughly half a million dollars in ransom after weeks of suffering negative effects from separate, ongoing hacks.

But many cities do not pay the ransom despite the potentially costly fallout, especially because there is no guarantee that attackers will cease harming the system once they receive the money. Johannesburg, Atlanta and Baltimore all refused to pay hackers. Last summer, more than 225 mayors agreed not to pay a ransom in the event of a cyberattack, saying such behavior only "encourages continued attacks" on governments and financially supports malicious actors.

Las Vegas' situation could have turned disastrous if it did not have security safeguards in place and its IT employees did not catch the problem quickly. The city publicly recognized its IT staff's quick response. A city spokesperson told the Las Vegas Review-Journal that Las Vegas faces about 279,000 attempts to breach its computer system each month.

It would have been especially embarrassing for the city to experience negative consequences from a cyberattack while CES is in town because all the top names in tech would be watching firsthand. Last year, more than 175,000 people attended CES and more are expected this year.