Ransomware Attacks Aren’t Going Anywhere, Experts Warn

The FBI advises victims not to pay ransoms to decrypt files, but a business analysis may find that it's the less expensive option in many cases, Cyber Leadership Alliance President Douglas Rapp said.

by Joseph S. Pete, The Times / July 19, 2019

(TNS) Last year, a ransomware attack shut down Strack & Van Til checkout lines during the busy week before Thanksgiving.

In retail terms, it couldn't have come at a worse time.

Just this week, LaPorte County government offices were forced to pay $132,000 to hackers after a ransomware attack shut down part of the county's computer system. The Federal Bureau of Investigation couldn't crack the virus.

The next target could be anyone or any entity.

Cybersecurity experts warn that ransomware attacks, in which data is held hostage until the victims (often private companies or government offices) pay a ransom fee, are becoming disturbingly more common, as are other cyberattacks.

"Americans are getting their identities stolen every 2 seconds," said Ron Bush, an information security consultant for clients throughout Northwest Indiana and Chicagoland. "We're at war and don't realize it. They attack every industry you can think of."

Hackers, who often gain access to computer systems through phishing emails with malicious attachments or links to infected websites, attack companies, school districts, colleges, courts and a growing number of local governments. They even target individuals, holding their photos and other personal files hostage for a price.

Lake City, Florida, recently paid nearly $500,000 to get its data unlocked, and Riviera Beach, Florida, shelled out nearly $600,000. Some cities have held out, but it's proven to be more costly. Atlanta and Baltimore have been spending millions of dollars to recover from their cyberattacks, more than $18 million so far in Baltimore's case.

"More than 20 local municipalities, cities, counties and state governments have been hit this year that we know of," Bush said. "Ransomware attacks have been growing. From a hacker's perspective, there's very little risk."

Hackers often live abroad out of police jurisdiction, and few countries extradite them over cybercrimes, Bush said.

"They're about as safe as they can be," he said. "They're hard to catch. There are so many ways to cover your tracks, like sitting in a Starbucks or Panera Bread and using public Wi-Fi."

The Federal Bureau of Investigation advises victims not to pay ransoms to decrypt files, but a business analysis may find that it's the less expensive option in many cases, Cyber Leadership Alliance President Douglas Rapp said.

But once you've paid, the hacker knows you're willing to pay, Bush said.

"They might not hit you up for six months or a year, but they might still hit you up again," he said. "They might sell your information to other hackers on the dark web."

People have mixed and often strong feelings about whether to pay ransoms to restore encrypted files, said Seth L. Spencer, founder and chief executive officer of Sera Solutions in Michigan City.

"It's a cost-benefit analysis," he said. "When you pay, the files are decrypted in nearly 100% of the cases because it's automated when the payment is received. When you're a government or hospital and held up so you have to cease operations, paying tens of thousands of dollars might make sense. What's the alternative?"

Companies, government bodies and institutions can protect themselves by training employees, such as on how to identify suspicious emails, and backing up their files regularly, the experts said.

"It's good to back up data daily, but depending on the industry and the sensitivity of the files, you might want to back up hourly," Bush said. "Some financial services firms back up every quarter-hour."

The costs of cyberattacks can be so steep that they put 64% of targeted small companies out of business, Bush said.

Any Region firms falling victim to hackers can go to the Northwest Indiana Small Business Development Center and connect with security professionals who can help them, Director Lorri Feldt said.

"We can connect them with the right people," she said. "It's pretty rare, but when it does happen, it's existential. It's extremely serious."

Many small and mid-sized companies lack the resources to guard against cybercrime, Rapp said. But they should stop looking at cybersecurity as an information technology function and invest in security upfront, he said.

"With LaPorte, the backups were kept on-site and were compromised in the attack, so the data was impossible to restore," Rapp said. "But I want to stress this isn't a LaPorte problem; it's a global problem."

LaPorte County did what it should have by turning off computers and shutting down servers right away to keep the virus from spreading and then calling the authorities, Spencer said. The FBI has tools that can sometimes decrypt files or restore backups.

Ransomware is still relatively rare, but a simple attack can completely cripple institutions, Spencer said. It's taken off in recent years partly because of the rise in bitcoin and other cryptocurrencies.

"Before you'd have to go to offshore bank accounts," he said. "This makes it highly difficult to track. There's no paper trail. The end user remains anonymous."

Companies should have segmented backups on different servers, practice good cyberhygiene by installing patches and updates in a timely manner, seek security training certifications and consult with cybersecurity experts, Rapp said.

"The worst time to plan for cybersecurity is after an attack," he said. "There's no such thing as having a totally secure system, but you can mitigate the risk. One of the most dangerous aspects of cybersecurity is the human element."

©2019 The Times (Munster, Ind.). Distributed by Tribune Content Agency, LLC.
