Dale Haymon, information technology director for Athens, gave a presentation on ransomware and how to combat it during the work session preceding the Athens City Council meeting Monday.
The Council later voted to approve spending $21,600 from surplus funds left over from fiscal year 2019 to purchase backup software, storage devices and support items for the IT department.
Haymon said these funds should be eligible for reimbursement through the state CARES Act.
As part of the presentation, Haymon asked the Council members to imagine a room full of files in filing cabinets, and that those files contained every piece of data ever entered into the city's system. This included things like business licenses, police reports, permits, employee records and business records. He said to then imagine city employees arrive one morning to find all those important files are missing and someone has put a vault in place inside the room.
“On that vault is a note that says, 'All your records have been placed in this vault,'” Haymon said. “'You have 24 hours to pay us a million U.S. dollars, and when we receive a million dollars, you will receive the combination to the vault. If you do not pay within 24 hours, all your records will be destroyed. Any attempt to access the records will result in all of your data being destroyed.' That's basically what ransomware is.”
According to Haymon, the offender encrypts the data and makes it unusable. If the victim has no off-network data backup, they will likely lose everything unless they pay the ransom. He said in 75% of cases, those who pay receive what is needed to recover their files.
Haymon said the entity who coordinates the attack is generally in a foreign country. According to The News Courier's news partners at WAFF 48, the cyberattack in Florence resulted in the city paying the aforementioned ransom in bitcoins, as per demands. The city was warned of a potential threat in late May.
“We began taking every precaution we could possibly take, and then on June 5, it actually hit us,” Florence Mayor Steve Holt told WAFF-48. “It appears they may have been in our system since early May – over a month going through our system.”
Florence is not the only entity that has been hit over the last several months. DCH Regional Medical Center in Tuscaloosa was among a series of network hospitals hit by ransomware attacks in 2019.
Haymon said 104 attacks in 2019 against cities around the country, large and small, have been made public.
“As a manager for IT, this is what keeps me up at night now,” he said.
Haymon said one method hackers use to get into a system is to send out an email with a link hoping someone on the network will click without thinking. This is known as phishing.
One method of protecting a system's data is to create an “air gap” backup, meaning the information is stored offline and generally on a physical medium such as a disc. These discs could potentially be stored in multiple locations to further increase the safety of the backup data.
Haymon said so long as those discs are kept safe and no one enters the building and tampers with them, they will always be available as a data backup.
“That way, the backups couldn't be deleted remotely,” he said.
Athens Mayor Ronnie Marks said the thought of a potential cyberattack on Athens like the one that hit Florence is “a bit scary.”
“During difficult times, people take shots at you because you are a little more vulnerable,” he said. “We need to be guarded.”
©2020 The News Courier (Athens, Ala.) Distributed by Tribune Content Agency, LLC.
