
Ransom Demands and Frozen Computers: Hackers Hit Towns Across the U.S.


tao


Online extortionists search for vulnerabilities, offer instructions on how to pay in bitcoin

 

Town officials in Rockport, Maine, were closing up shop on Friday, April 13, when they realized they couldn’t open files on their computers.

 

After fielding messages from town workers, local information-technology contractor Gus Natale said he “went straight to the town office and started yanking plugs.”

 

An unknown hacker had snuck malicious software onto the network and was demanding a payment of roughly $1,200 in bitcoin in return for codes to unlock the town’s files.

 

“My thinking was, let’s just get this paid. It’s a small amount,” said Town Manager Rick Bates. But, he added, Mr. Natale and a helper “did not want the bad guys to beat them.”

 

The attack on Rockport is one example in a rising tide of similar invasions of municipal systems across the U.S.—from major cities like Atlanta, which got hit in March, to counties, tiny towns and even a library system in St. Louis. Local governments are forced to spend money on frantic efforts to recover data, system upgrades, cybersecurity insurance and, in some cases, to pay their online extortionists if they can’t restore files some other way.

 

Public-sector attacks appear to be rising faster than those in the private sector, according to the Ponemon Institute, a Traverse City, Mich., research company focused on information security. Ponemon estimates 38% of the public entities it samples will suffer a ransomware attack this year, based on reports through May, up from 31% last year and 13% in 2016. The company samples roughly 300 to 400 public-sector entities each year.

 

“We’re right at the front end of this,” said Marshall Davies, executive director of the Alexandria, Va.-based Public Risk Management Association. Hackers are “just now coming after the public entities. They’ve been hitting the businesses for years,” he said.

 

Hackers generally don’t target specific cities, but instead are constantly searching for vulnerabilities wherever they may occur, security experts said. “The trick about ransomware right now is that it’s typically not a targeted, focused attack,” said Christopher Krebs, a senior official at the Department of Homeland Security, at a recent mayors’ conference in Boston. “You’re not special.”

 

Hackers attacking cities aren’t typically nation states, but rather cybercriminals, Mr. Krebs said. Sometimes the hackers demand ransoms in poorly written English, and they typically demand to be paid in bitcoin, according to officials who have been hacked. The Rockport hacker offered a “customer service” chat window and offered tips on how to acquire cryptocurrency.

 

The Federal Bureau of Investigation advises against paying, and warns that “some individuals or organizations are never provided with decryption keys after paying a ransom.”

 

Rockport didn’t pay the hackers. Instead, Mr. Natale and a helper worked through the weekend to recover files from a compromised backup server, and had town systems up and running again by the next week. Still, the hamlet of about 3,400 ultimately paid about $10,000 to cover the immediate restoration work, plus another $28,000 to $30,000 on security improvements, including a cloud-based backup system.

 

SHOULD CITIES PAY?

 

Officials in Leeds, Ala., recently folded when faced with a ransom demand from hackers who froze the Birmingham suburb’s computer system. It wasn’t an easy choice, but everything from email to personnel records was effectively locked down, and the city of about 12,000 felt powerless.

 

“You just hold your nose and do it,” Mayor David Miller said.

 

After being paid, the hackers provided a code that helped the city regain access to most of its files, he said. Similarly, Montgomery County, Ala., unable to access backup files that were also encrypted, spent about $47,000 to acquire nine bitcoins for hackers so they would unlock files last September, said Lou Ialacci, county IT director.

 

Every victim asks the same question, said Jeffrey Carpenter, director of incident response at SecureWorks Corp., an Atlanta-based cybersecurity firm: “Should we pay the ransom?”

 

Compared with private companies, local governments may be less prepared for an attack, according to security experts. Some smaller entities can’t afford to compete for cybersecurity talent, which is in high demand across the country. Information-security analysts’ salaries average $100,000 a year, and private-sector employers pay more than state and local governments, according to the Bureau of Labor Statistics.

 

Ransoms might be loosely calibrated to what hackers think a city can pay, although numbers can vary widely. Hackers demanded $250,000 late last year from Spring Hill, Tenn., a city of about 38,000, which is nearly five times the amount hackers tried to pilfer from Atlanta in March. Both cities refused to pay.

 

In Spring Hill, that has meant a still-unfolding restoration effort that could cost some $100,000, City Administrator Victor Lay said.

 

The St. Louis Public Library spent almost $200,000 on system upgrades after successfully fending off a ransomware demand for about $25,000 in bitcoin last year, executive director Waller McGuire said.

 

Licking County, Ohio, also refused payment when hackers demanded $50,000 in bitcoin after hijacking the county’s computer system last year, apparently by exploiting a firewall gap, said County Commissioner Tim Bubb.

 

The county of about 170,000 people east of Columbus was lucky: Technicians quickly determined nearly all data were backed up and systems could be restored. Outside consultants also advised against paying, Mr. Bubb said.

 

“We didn’t want to deal with criminals if we could avoid it,” Mr. Bubb said. “Nobody likes to be blackmailed.”

 

CYBERSECURITY INSURANCE: COST VS. BENEFITS

 

Speaking at the recent mayors’ conference, Atlanta Mayor Keisha Lance Bottoms triggered murmurs in a roomful of mayors when she said her city had purchased cyber insurance just months before getting hit.

 

She estimated that the city, which decided to rebuild its systems, was facing more than $20 million in costs, but she hoped insurance would cover much of that. An Atlanta spokesman said the city was still evaluating the overall cost of the attack and the city’s recovery efforts.

 

Franklin County, Ohio, the state’s most populous with 1.3 million residents, bought a $10 million policy last year that came with a $200,000 annual premium. The county hasn’t needed the insurance, but officials said they were motivated after seeing hackers cause disruptions in Ohio and beyond.

 

Some officials said they preferred to spend money on better system back-ups, since insurance wouldn’t solve the immediate problem of accessing data they need to serve the public.

 

In Leeds, Ala., February’s breach came just a week before a planned upgrade to better protect backup data, Mr. Miller said.

 

Insurance covered most of Leeds’ ransom payment—plus, the city managed to bargain the hackers down from $12,000.

 

“We said, how about $8,000?” Mr. Miller recalled. “They said OK.”

 


 

 


What is amazing is that even some of these targets' backup data was encrypted. That means their backup systems were online and accessible from users' computers. Never, ever, have your backups accessible by user systems. That defeats the purpose of having the backups. I have 6 NAS units (240TB) at home and none of them are accessible without selecting one and then supplying a login and password. At night when I do my backups my systems are offline. They use the same methodology at work except the backups are taken off site for storage in a vault. I have even seen home users who back up their systems to another hard drive inside the computer or to an external drive that is always connected to the system. That is the same as having no backup.



7 hours ago, straycat19 said:

What is amazing is that even some of these targets' backup data was encrypted.

This happened back in March and they are still posting about it and it's almost July? It's not really amazing that their backups got infected; that's what happens when you leave them accessible to your main server or the infected system. It just shows they don't have any common sense to make backups and remove them after they do, but of course they don't, because they did not have the common sense not to click on spam emails to begin with. What's amazing is that, instead of educating their employees on prevention, the WSJ is asking should they pay months after it happened. That's something they would need to decide the day it happens; it's best to never pay.

 

Doesn't anyone ever learn from their mistakes anymore and know how to tell their workers not to be clicking on emails from people they aren't expecting any email from? I have never ever been infected by ransomware because I use common sense. Another story about a bunch of state govt. workers who have more book sense than they have common sense and have no computer skills beyond what they learned in computer class in high school. As long as they don't educate their workers on how to prevent this and they have to pay to get their data back, it will keep happening. If you pay, the hacker won, and it was your own stupidity that you clicked on that infected document to begin with.

 

Some businesses are so cheap they don't have an antivirus on their server that scans their emails that maybe would have had the signature. I have been told true stories about how some businesses wait till they get a virus or malware and then they send an IT in to remove it with Malwarebytes. If it's ransomware, if you don't have a clean backup, all you can do is pay if you have to have the data back, and reformat and educate their workers on prevention and put the needed security software in place. Most antivirus products have anti-ransomware now; also they need to get some anti-spam email software. If they don't learn from their mistakes it will never stop.

 

Ever since I have been on the internet I have been having to use on-demand scanners on people's computers to remove malware because they had no security software in place, for like 17 years. Most of the time I just back up their data and reformat after I clean them to make sure. If they would have used common sense and had some prevention to begin with, it would never happen and they would not have to pay someone like me to remove it, because it never happened to me. Things are not half as bad as they were before Windows XP SP2 came out, when Windows didn't have a good firewall to prevent worms and viruses; even back then, if you installed a 3rd-party firewall before you went online you would be OK. Nowadays most infections are just things that common sense could have prevented.

 

The story should have been "ransomware hit some town governments". It did not hit townspeople in general, and 2 towns are nothing; there are like 19,354 "incorporated places" in the United States and each town has different policies on security. WSJ is always writing about things that happened in the past, sometimes without any credible sources, and I don't really trust them to be anything more than fear spreaders. This news site is involved with government-level leakers who sometimes lie to the press to spread propaganda, and tinfoil hats take it as the gospel. I don't really go out of my way to read their news but sometimes it can't be prevented because other news sites report on it. They have a paywall up and like most sites that have a paywall they are always very biased.



Wow, and then they said that "They are creating the best Windows ever" jajaja :( We will be hacked jaja :( 



Archived

This topic is now archived and is closed to further replies.
