Rash of ransomware attacks holds towns hostage
A number of municipalities and school districts across the country, including several in Connecticut, have recently been victims of cyber attacks in which information in their computer systems is frozen and hackers demand payment in order to restore it.
Known as “ransomware,” these cyber attacks have been reported by schools in Middletown, Wallingford, New Haven, Pomfret, and most recently, Wolcott, where officials are debating whether to pay the ransom request.
Investigators believe the hacker who broke into the Wolcott computers, blocking all five Wolcott schools from accessing internal files, was the same hacker who recently conducted a massive ransomware attack on 22 Texas municipalities, which brought city services to a halt.
The Texas hacker demanded more than $2.5 million in ransom payments via bitcoin, a digital currency which allows anonymous transactions.
Wolcott officials have not publicly stated how much ransom is being demanded from them, but the school board recently approved a $10,000 appropriation if needed.
Ransomware is a growing threat that can hit any individual, business, municipality or school at any time, according to Al Alper, CEO of Absolute Logic, a Wilton-based IT consulting and security company.
He said hackers gain access to computers by tricking users into opening an email attachment or link which unleashes a program that opens very quickly, takes relevant files, and encrypts and jumbles them using an algorithm so the user cannot access the information.
The hacker then sends the user a message demanding payment by a certain time, and if not paid, the algorithm is destroyed and the information that was encrypted is lost forever.
This happened in Baltimore, Md., where the city’s computer system was attacked in May by a strain of ransomware called “RobbinHood.” The hackers demanded 13 bitcoin (roughly $76,280) in exchange for the keys to restore computer access.
Baltimore officials refused to pay. When the hacker’s deadline was up, information that was encrypted was lost and months later the city is spending thousands of dollars in an attempt to restore its computer systems.
But paying hackers their ransom demand is no guarantee they will go away. “If you pay it, they will likely be back. You’ve proven you are willing to pay,” Alper said.
An investigation of the Baltimore and Texas hacks revealed the municipalities involved were vulnerable to cyber attacks because their cyber defense and backup systems were lax.
“Anyone can be threatened with a cyber attack,” Alper said. “You have to have good backups and you need to regularly test them. You’re only as good as your ability to restore your information from your backup.”
But when it comes to funding cybersecurity, town officials are often reluctant to budget sufficiently for it because, unlike roads and bridges, information protection is not something tangible that many people fully understand or can visualize, Alper said. “Then the town gets hit by a ransomware attack they didn’t prepare for... You have to protect the data,” he said.
Baltimore officials have learned an expensive lesson from their cyber attacks, and are fortifying their cybersecurity procedures to make them more secure and less susceptible to ransomware attacks, Alper said.
Cybersecurity and information protection are important to the town of Wilton, according to First Selectwoman Lynne Vanderslice.
“This is on the top of the mind of all employees. For security reasons, we don’t provide specifics, but in general terms we do follow best practices, including updates of security, educating our employees — who are already vigilant — and maintaining on-site and off-site backups,” she said.
John Savarese, director of Wilton’s Information Systems Department, compared ransomware threats to a schoolyard bully. “The bully wants to steal your math homework so he can get your lunch money. You need to make it hard for him to get your homework,” he said.
He stressed the necessity of keeping security software up to date. “It’s a foot race between Microsoft and the hackers. You need to make sure you have the latest protections as well as various layers of protections,” he said.
He said hackers try to trick people into opening email attachments and links that lead to cyber attacks. “Fortunately, our staff is skeptical, intelligent and cautious. They report suspicious emails rather than just clicking on them,” he said.
Getting back to the schoolyard analogy, Savarese said if the bully does get your math homework, it’s important that “mom has a copy at home.”
“We follow well-developed industry practices in Wilton. We back everything up. Critical systems are stored both on- and off-site. We have a daily task to check the backups to make sure they are up to date. We have a way to restore things,” he said.