North Carolina Braces Against Wave of Ransomware Attacks

Attacks this year have ranged from cities to rural counties. A community college was hit as well as a sheriff's office and an emergency medical service, which led to patient records being compromised.

by Zachery Eanes, The News & Observer / August 30, 2019
Shutterstock/Alexander Supertramp

(TNS) — RALEIGH — More ransomware attacks in North Carolina have been reported this year than all of 2018, according to the N.C. Department of Information Technology.

Seven ransomware attacks, as of August, have been reported in the state -- while last year had a total of four. And, for each of the years 2016 and 2017, there was only one attack, according to data DIT provided to The News & Observer.

That number provided by DIT, however, only included those that were officially reported. A bill signed this month by Gov. Roy Cooper now requires that county and municipal government agencies report cyber security incidents to the state.

Ransomware is a type of malicious software that can deny a user access to data once it has infiltrated a computer -- and often the attacker will demand a ransom to have a computer restored.

An attack can leave a local municipality paralyzed. When the Orange County computer network was hit by a ransomware virus in March, officials closed offices including the register of deeds and the housing department -- and it affected the sheriff's department's ability to communicate.

"You have to restore as much and as quickly as you can," Jamezetta Bedford, an Orange County commissioner, said of the county's response to the attack. "Our folks were working over time and it was a drain on resources."

Hackers view local governments as easy targets for cyber criminals, Maria Thompson, the state chief risk officer for DIT, said in an interview.

"I think, by and large, both state and local entities are being targeted, because [criminals] look at them as low-hanging fruit," she said.

Public attention to the threat of cyber attacks has increased recently, after more than 20 local government entities in Texas were hit by ransomware earlier this month. Thost attacks that left Atlanta's city government paralyzed, inflicted $18 million of damages to Baltimore, and forced a town in Florida to pay a $600,000 ransom to its hackers.

Thompson said no government entities in North Carolina have paid a ransom, to her knowledge.

In North Carolina, the attacks this year have ranged from cities including Greenville to rural counties including Robeson. A community college was hit as well as a sheriff's office and an emergency medical service, which led to 40,000 patient records being compromised.

Since 2016, the state's largest county, Mecklenburg, had public services knocked offline for several days and the city of Durham has been compromised twice, according to DIT.

Most of the attacks are "spear phishing" attacks, Thompson said, in which hackers create fake emails that look legitimate. The email could include a link to a malicious site or it might download malicious files or it might even ask for a username and password.

The fake emails, if successful, will give a hacker access to a computer network. The tough part, for prevention, is that any one employee with an email account could be compromised. Invariably, these attackers have all originated from another country.

A coordinated response

Thompson, a former cyber security chief for the Marine Corps, has been part of the state-backed response system to local hacks. In operation for a little more than a year, DIT and the Department of Public Security have formed a new group -- which is still looking for a name -- to counteract cyber attacks in North Carolina.

The group, which is based in the State Bureau of Investigation's Information Sharing and Analysis Center, works directly with the National Guard, the Department of Homeland Security, FBI, SBI and U.S. Secret Service to share information and prevent attacks.

"Obviously, we would have wanted to do this a long time ago," said Thompson, who joined DIT in 2016. "But we have been hampered by cost and the funding aspect of it."

"But, as we started to look across the landscape and see that we have more counties being hit by ransomware," she said, "it just made more sense that we started taking more of a proactive approach."

That approach includes getting the National Guard's cyber team on site within hours of a reported attack, coordinating potential financial and infrastructure support and providing forensic analysis.

The state now distributes information and educational materials, so that other counties and cities can protect themselves.

Previously, Thompson said, it could take days for agencies to respond to a cyber attack because communication moved much slower. Requiring that local entities must report significant attacks to the state will help, she added.

"It's not meant to be an invasive type requirement," she said. "It's just basically saying, when you have something that happens ... we can help you. If you just need consulting, we can provide consultants to help you. If you need boots on the ground, because you're down hard, then we can definitely bring a lot of capabilities."

Thompson said only 69 of the state's 100 counties have cyber insurance now to help with damages.

Election safety

The state recently launched a pilot program with eight Tier 1 counties (a designation for some of the most economically disadvantaged counties), to install computer sensors. The sensors block and tackle malicious activities before they infect a network.

"We're looking to get more funding to support all hundred counties," Thomspson said. "Because we have election systems that sit on these county infrastructures."

The back drop of the upcoming presidential election is one reason collaboration between local, state and federal agencies has been emphasized.

A Reuters report this week said the U.S. government plans to launch a program in roughly one month that narrowly focuses on protecting voter registration databases and systems ahead of the 2020 presidential election.

And in North Carolina, elections officials voted to strengthen state laws around voting machines to require "human-readable" paper records, a reaction to cybersecurity concerns surrounding touchscreen voting machines. A federal investigation into whether Durham County's election software was hacked in 2016 is still ongoing.

©2019 The News & Observer (Raleigh, N.C.)Distributed by Tribune Content Agency, LLC.

Platforms & Programs