Header Ads

Breaking News

1 in 6 Massachusetts Communities Hit by ‘Ransomware’ Attacks – NECN


When he came into work one January morning two years ago, Lt. James Graham discovered the Bedford Police Department was under attack.

Dispatchers couldn’t log any new incidents in the records
management system. Then Graham found an ominous message on his computer screen.

Hackers had seized control of the department’s electronic
records. They were holding them hostage, and time was ticking; the longer the
town waited to pay up, the higher the ransom demand would climb.

“It was heartbreaking when I first saw it,” Graham recalled.
“I’m like, ‘Oh, we’re done.’”

It was a harrowing moment, but one that quickly passed.
Bedford managed to recover the police department’s files in a matter of hours
by restoring them from a backup.

Police had to manually document some incidents that occurred overnight by listening to calls and radio transmissions. But having a cyber security plan in place may have saved the town a hefty sum; without the electronic backup, it faced a choice between paying cyber criminals to unlock its files or losing records that date back more than 20 years, Graham said.

“It would have been quite a blow,” he said. “We would have
been starting from scratch again.”

Local officials across the state have faced similar
predicaments as they wrestle with a new breed of cyber attacks designed to
extort money from victims.

Hackers use malicious code known as ransomware to encrypt
computer files, then demand money to unlock the data.

In recent years, organizations across the globe have been hit by crippling ransomware attacks, ranging from major companies to hospitals, nonprofits and local governments.

Experts say the public sector is especially vulnerable
because governments tend to have outdated computer systems, and they maintain
crucial, sensitive data.

Inside the Bay State, a handful of attacks against cities
and towns have garnered widespread attention, though the problem may be more
prevalent than many imagine. Records obtained by the NBC10 Boston Investigators
show dozens of Massachusetts communities have quietly negotiated ransomware
attacks, sometimes taking days or weeks to recover, or paying large sums to
reclaim their data.

In a broad survey last year, NBC10 requested records
regarding ransomware attacks from each city and town in Massachusetts. More
than 260 responded, and the results show at least one out of every six
communities in Massachusetts has been infected by ransomware.


In most cases, town leaders were able to recover their files
from backups without paying a ransom, the records show.

But at least 10 communities handed over taxpayer money to hackers, paying bitcoin — an encrypted, digital currency that experts say is all but impossible to trace. Ransom payments ranged from $300 to more than $11,000, the records show.

Several other communities refused to disclose whether they’d
been hacked, saying that information is too sensitive to release.

Even in cases where towns recovered their files, the attacks
proved costly.

In Douglas, records show the police department considered
paying a $750 ransom when it got hacked a few years ago. They restored from
backups instead, but lost six days’ worth of police log entries. They had to
recreate the information from arrest and crash reports, the records show.

In another South Coast community, town officials got a
ransom demand for more than $4,600. They couldn’t get the money together in
time, so a police officer had to transfer cash from his personal bank account
to pay the hackers, according to records obtained by NBC10. The town later paid
him back.

Jeremy Kurtz, chief technology officer at RetroFit
Technologies, a Milford company that provides cyber security services for
dozens of cities and towns, said the results of the NBC10 survey aren’t
surprising, given the number of cyber threats the company encounters on a daily
basis.

“It can shut down municipalities very quickly,” he said, “so
the town managers get, I’ll say the word antsy when something is hitting and
they can’t control what’s going on because of the financial loss to the town or
city.”

Many ransomware attacks begin with something as simple as an email that looks like it’s from someone you trust.

Kurtz said many attacks start off in ways that really aren’t that sophisticated: sometimes malware gets inside a town’s computer network via an email that appears to be from a trusted contact, like a coworker or boss. Opening an attachment or visiting a link in the message gives hackers a foot in the door, and they can quickly infect computers across the entire network.

In one Massachusetts community, Kurtz said, leaders didn’t
have enough money to pay the ransom demand, nor did they have a way to restore
their files. The town wound up losing a trove of data, ranging from personnel
files to building records, he said.

“If you do your backups … 95 percent of the time you don’t
pay because you can recover all of your data,” Kurtz said. “If you don’t, then
you have to weigh the options. Do I lose all of my data, and what’s the cost of
that versus going out and paying to get your data back?”

Federal officials tracked a major increase in ransomware
attacks during the period from 2015 to 2016, although the occurrence of
indiscriminate ransomware campaigns has sharply declined since early 2018,
according to an announcement last fall from the FBI.

Still, financial losses from ransomware attacks increased
significantly during that time, according to the FBI, which reported receiving
2,047 complaints identified as ransomware with adjusted losses of over $8.9
million.

David Farrell, assistant special agent in charge of
counterintelligence and cyber programs at the FBI’s Boston office, said
ransomware remains one of the agency’s top cyber security concerns.

“We don’t suggest ever paying,” he said. “The more and more
people pay, the more and more it entices the ransomware criminals to keep on
going.”



Source link

No comments