by Phil Yacuboski
In many ways, it’s the new age bank robbery without a formal weapon – hold hostage a company or municipality computer system until they pay up while mining and stealing valuable data such as credit card, Social Security and tax identification numbers.
Ransomware attacks, or the so-called ‘Robinhood’ virus, which have been stepping up in recent months in cities and government computer systems around the country, force people to pay in bitcoins. Ransomware has become the biggest threat to computer networks, according to the Center for Internet Security, an IT non-profit.
“Municipalities don’t realize that they need to provide funding to allow their IT departments to both collect data that needs to be collected like security logs from servers and store that information at least 90 days,” said John Jorgensen, president and CEO of The Sylint Group, a Florida-based cyber security and forensics firm. “They need to be able to monitor their own logs to figure out if they have a potential cyber security incident.”
Jorgensen’s firm was recently called upon to help Luzerne County figure out its own cyberattack. The company examined the virus that paralyzed the county’s computer system. The virus was likely hidden in an email message often called a phishing scam, and could have been timed to ‘detonate’ at a period when it was least expected.
Jorgensen said the county later went with another firm that was covered by their insurance carrier.
In February 2018, Allentown was hit with a ransomware attack known as “Emotet.” Hackers stole personal identification and passwords and infected the city’s security camera system. The city spent more than $1 million to fix the problem.
Earlier this summer, the Butler County Library System was hit with a similar attack, forcing it to use a paper system to lend books.
Philadelphia’s court system was also struck this summer, forcing docket searches and electronic filing down.
Pennsylvania trucking company A. Duie Pyle was also a recent victim of a ransomware attack, forcing its communication systems offline.
Some argue paying the hackers in bitcoins is a good option because it’s cheaper to pay the attacker than to spend a small fortune rebuilding an entire computer system. Others argue you can still suffer even if you pay.
“You need to figure out who you are dealing with,” said Jorgensen. “It ends up being double-encrypted data, so even if you have the keys from the attackers, you still have an issue getting back what you need. It all depends who did it, how professional they were when they did it and what your system configuration is.”
The U.S. Conference of Mayors has vowed to not pay the ransom in such attacks. At their conference in Hawaii, they formed a resolution, vowing not to fork over any money.
The FBI is in many cases called in to investigate such attacks.
Jorgensen said the best defense is to have backup systems in place to back up your data.
“Those backups should then be disconnected from the network,” he said, adding that the attacks are getting more and more complicated. “What we have seen is that someone will be using those networks on a cloud backup, and the ransomware encrypts the servers and the backup systems as well. You can’t recover.”
Many governments and companies opt to pay for insurance that pays for help with such attacks.
“Much of it depends upon the size of the system,” he said. “It could be $20,000 to $500,000. It depends on how much they are trying to protect.”
Jorgensen said both municipalities and private companies are equally at risk.