Riverside, Ohio, Just the Latest in a Spate of Government-Focused Ransomware Attacks

While federal authorities focus their attention on several attacks on the Ohio town, a number of other high-profile attacks have made headlines in recent months.

by Will Garbe, Parker Perry, Dayton Daily News / May 14, 2018
Shutterstock

(TNS) — Riverside, Ohio, is the latest government facing an apparent ransomware attack.

For years, the FBI has warned that the use of ransomware — malicious software that threatens to block access to data or to publish it unless the infected organization pays a ransom — is a fast-growing criminal enterprise.

Organizations often don’t learn they have been infected until they can’t access their data or until computer messages appear demanding a ransom payment in exchange for a decryption key, according to the FBI’s website.

Here’s a look at the current attack and other recent cyberassaults.

RIVERSIDE, OHIO — APRIL 2018

U.S. Secret Service agents are investigating the attacks on Riverside’s police and fire servers, according to state and federal officials familiar with the matter.

The city is the victim of at least two attacks on its servers, one of which made about 10 months of files inaccessible to staff, City Manager Mark Carpenter said.

Carpenter said the term “ransomware” was used to describe the attacks. The term implies that a third-party held, or is holding, the city’s data hostage in exchange for a ransom, often paid in bitcoin or other cryptocurrency.

The Secret Service is tasked with defending U.S. financial institutions from cyberattacks. Because of the agency’s experience, the Secret Service often assists other entities facing similar attacks.

“As a matter of policy, the Secret Service does not discuss active criminal investigations,” said Kevin Dye, resident agent-in-charge for the U.S. Secret Service in Dayton.

Riverside officials have not determined what exactly happened during the attacks, Carpenter said. City officials plan to meet May 15 with the city’s third-party information technology company to discuss the problem.

ATLANTA — MARCH 2018

Atlanta’s municipal government faced a ransomware attack in March. An attacker demanded a $50,000 ransom to restore the city’s systems.

City officials urged employees to check their bank accounts to make sure their financial information had not been accessed and said that anyone who had conducted transactions with the city could be at risk.

The city ended up shelling out nearly $2.7 million on eight emergency contracts in an attempt to fix the problem.

Three federal agencies — the FBI, the Department of Homeland Security and Secret Service — assisted Atlanta during its attack.

MAD RIVER TWP., CLARK COUNTY, OHIO — AUGUST 2017

The Mad River Twp. Fire and EMS station is without years of data after its server was breached and encrypted with ransomware.

Chief Elmer Beard said the virus was found in August and the department has tried to work out solutions to get the information unencrypted. The hackers demanded payment for the information in Bitcoin, which translates to thousands of dollars he said.

“This data does contain personal identifiable information,” Beard said in a press release.

The data impacted is from information collected by officials when residents used EMS or fire services, Beard said.

It does not appear information was stolen, he said, instead the hackers encrypted the data so no one can read it. The department elected not to pay the ransom because they were unsure if they would actually get the information back, Beard said.

©2018 the Dayton Daily News (Dayton, Ohio) Distributed by Tribune Content Agency, LLC.