Payouts Make Ransomware Attractive to Hackers, Experts Warn

The very nature of governmental operations make it an attractive target for hackers, who are likely encouraged by the number of local governments that have opted to meet their ransom demands.

by Ernest Rollins, The Herald Times / July 29, 2019
Shutterstock/Timofeev Vladimir

(TNS) — Every time Eric Evans reads a report about government officials paying thousands of dollars in ransom to computer hackers to recover stolen data, it gives him the chills.

The chief technology officer for Monroe County, Ind., said he empathizes with the government employees who have to deal with the fallout of a cyberattack, having fended off his fair share while working with the county.

Evans has seen an increase in hackers targeting municipal and county agencies throughout the state in recent years.

Scott Shackelford, chair of the IU Cybersecurity Program, said while cyberattacks of governmental agencies have occurred since the late 1990s, he agrees there has been an uptick in these attacks on critical civilian infrastructure nationwide. This includes not only local governmental agencies, but also hospitals and police stations. He said even libraries at times can be targeted.

Shackelford said smaller-scale attacks such as these can oftentimes be overshadowed by cyberattacks directed at large corporations such as Equifax, but can be just as devastating.

Evans said the number of cyberattacks are probably increasing because some government officials have paid the ransom hackers demanded.

“(Hackers) see these stories and they think cha-ching,” Evans said.

Just this month, LaPorte County paid hackers $130,000 following a ransomware attack. This is after hiring a go-between firm to negotiate down the initial demand of $221,000, according to a news release from the county. Since the attack, LaPorte County has been restoring the data and began taking steps to reduce the chances of another attack in the future, LaPorte County Commissioner Vidya Kora said in a July 12 news release.

Shackelford said paying a ransom to hackers is troubling, because it is basically giving into extortion. He said this not only sets a dangerous precedent, it makes it more difficult to hold these attackers accountable. However, he understands that in cases where the stolen data is critical to public safety or privacy concerns, there is pressure to recover that information quickly. In LaPorte, they felt out of options to recover the data.

“Even after conferring with the FBI’s cybersecurity unit to determine if their decryption codes would work, they determined after several tries their “keys” would not unlock our data, and we were required to pay the ransomware actors to retrieve our data,” Kora said in the release.

Evans said the very nature of a governmental agency’s operation can make it an attractive target for hackers. He said government employees work in an environment where they are bombarded by emails. He added at times it can be difficult to keep up with everything, and hackers know this. He said they are hoping for someone to in a rush not notice the red flags in an email and click on it to provide them access to the government agency’s network.

“And again, I think they’re focused now on city and county government, throughout the nation, because they know now that they can get a ransom from it,” Evans said.

Shackelford also said it is very easy to launch ransomware attacks. He added the required tools could be acquired on the dark web at a low cost and attackers only need a small opening to make the investment worth it.

Shackelford said in response to these potential threats, some organizations are choosing to invest in cyberrisk insurance. In LaPorte, their cybersecurity insurance policy covered $100,000 of the amount paid. However, Shackelford said the potential hazard of this is that officials may feel they are covered and not invest in more proactive policies to fend off future attacks.

Shackelford said there are many different steps organizations can take to prepare them for a potential future cyberattack. Some of these include backing up most sensitive and important files, preferably somewhere local and offsite; making sure files are as secure as possible; and investing in cybertraining so their workforce is less susceptible to granting the attacker access to the organization’s network.

“There is really a laundry list,” Shackelford said of steps that can be taken.

Evans said the county utilizes various technical tools and invests in training to fend off potential attacks. He added the county is fortunate to have county commissioners who are interested and willing to invest in bolstering the county’s cyberinfrastructure.

Shackelford said not every community has public officials who are knowledgeable or equipped to make improvements to their cybersecurity systems. To assist governmental agencies, businesses and individuals facing more sophisticated cybersecurity threats, IU will establish a new IU Cybersecurity Clinic in the fall.

Shackelford said students will help local and state governmental agencies, not-for-profit organizations and small businesses manage cyberattacks, improve privacy and better protect their intellectual property. He added the goal is to provide these organizations with the resources needed to make them harder targets for cyberattacks.

©2019 the Herald-Times (Bloomington, Ind.). Distributed by Tribune Content Agency, LLC.

Platforms & Programs