By Don Coble
Technology is the newest weapon used by both law enforcement and criminals. It’s a high-tech game of cat and mouse, with information floating throughout the world wide web as chunks of megabytes and megapixels that can be retrieved for either good or bad intentions. For four weeks, we will look at how technology has changed how police patrol their beats. From surveillance systems, to social media and cell phones, to ransomware threats to identity theft, a crime can be committed or resolved by a simple keystroke.
The third part of the series deals with the growing threats to police forces, corporations, municipalities, schools and banks from cybercriminals who use malicious software to hold a computer system for ransom.
It started like most cyberattacks when someone opened what seemed like a harmless email. But what happened in Lake City – less than an hour from Clay County – was far from harmless or cheap.
Employees came to start a new workweek on June 10 to find the town’s computer system being held hostage by North Korean hackers. For days, the city government had no phones, emails or records. Utility records were hidden behind a technological lock and key. Calls had to be done by personal cell phones. Cash, checks, fax machines and hand-written receipts suddenly were the norm.
City leaders reluctantly agreed to pay 42 Bitcoin, about $460,000, in cyber extortion to get the decryption key for the Ryuk malware. While decryption key appeared to work, it took more than a month to recover their information.
Hackers hit Riviera Beach a few days later. Lake City’s police and fire departments weren’t affected since they operated on a separate system. Riviera Beach wasn’t as prepared, so the cost of the ransomware was nearly $600,000. Dispatchers couldn’t log calls for the police, fire and emergency departments.
“With your heart, you really don’t want to pay these guys,” Lake City Mayor Stephen Witt said. “But, dollars and cents, representing the citizens, that was the right thing to do.”
Key Biscayne then became the third Florida city hit by Ryuk in June. It didn’t disclose if it paid a ransom, but city officials said their systems have been restored.
What happened in Lake City, Riviera Beach and Key Biscayne prove just how susceptible municipalities, energy companies, banks, hospitals and corporations are to cyberattacks. By the time information technology departments create a wall to block one attack, hackers generally have moved onto another scheme. Since cybercriminals don’t punch a timeclock, it’s difficult, if not impossible, for cities to keep pace.
“The attackers are obviously advancing at their own pace,” cybersecurity firm Rendition Infosec founder and president Jake Williams recently told the Washington Post. “They don’t work on annual budget cycles.”
Ransomware is a type of malware that hijacks information, encrypts it and blocks a user from their own files while demanding ransom – generally in cybercurrency like Bitcoin – to regain access.
Such attacks cause the loss of data and intellectual property. The earliest known case of ransom malware was embedded in a disk in 1989 by Harvard-trained biologist Joseph L. Popp. His AIDS Trojan, also known as PC Cyborg, was called “AIDS Information – Introductory Diskettes,” and it was sent to members at the World Health Organization’s International AIDs conference.
Malware now is usually delivered through an unsolicited email. While security experts have warned for years to not open email from an untrusted source, Lake City demonstrated again it only takes one mistake to bring a town to its knees.
And hackers are making it more difficult by using social media to create emails that appear to be familiar to a targeted victim. Another popular trick is for cybercriminals to pose as law enforcement to scare victims to pay a fine for what they claim is illegal activity.
There were 1,783 reported ransomware complaints costing more than $2.3 million in 2017, according to the FBI’s Crime Complaint Center.
It’s now estimated there were 184 million attacks last year.
And big cities have become big, and profitable, targets.
Police departments in Tennessee, Georgia, Illinois, Maine and Massachusetts all paid ransoms to unravel their computer networks. Baltimore reportedly spent $18 recovering from an attack, while Atlanta’s cost to rebuild, recover and strengthen its systems has cost about $7.2 million following a March 2018 attack.
Atlanta-based The Weather Channel was hacked during a live broadcast last April. A month later, a data breach at Georgia Tech prompted the university to offer credit monitoring and identity theft protection to nearly 1.3 million applicants, former and current students.
The Georgia Emergency Management and Homeland Security Agency discovered malware on its system in June, forcing the agency to take some of its programs offline.
According to Coveware, a security firm that focusses on ransomware, about 70% of companies and municipalities pay ransom, with government agencies usually paying 10-times more than private businesses.
Cyberattacks already have shut down computer systems to 22 different government agencies this year, so 225 U.S. mayors agreed last month not to pay ransom on future attacks. The resolution at the U.S. Conference of Mayors read: “The United States Conference of Mayors stands united against paying ransoms in the event of an IT security breach.”
Health care systems also are profitable targets for hackers since they collect and maintain private records for millions of customers and patients. Ransomware at health care systems account for more than one-third of all cyberattacks, according to Beazley, which offers cyber insurance coverage.
The best protection against ransomware is to not get it, U.S. Department of Homeland Security’s Cyber-Infrastructure Security Agency said. That means not opening unsolicited emails and backing up systems, keeping the backups separate from the main operating system, enforce strong passwords and change them frequently and use updated security.
In short, the best way to stop a cyberattack is to keep it from happening.