On March 9, 114 servers within Connecticut’s judicial system were impacted by a ransomware attack. This was the second ransomware attack aimed at the state government. Two weeks earlier, the Connecticut Department of Administrative Services reported that a virus resembling the WannaCry ransomware infected about 160 computers in a dozen state agencies.
In both attacks, Connecticut got off lucky because the viruses were caught and mitigated early. But they were the latest in a string of ransomware attacks aimed at government computer networks. The city of Atlanta, which was hit with a ransomware attack in late March that crippled many of its online services, has set aside $2.7 million to cover the costs of incident response, recovery and crisis management efforts. Colorado’s Department of Transportation experienced a ransomware attack in February that knocked its back-end operations offline and took approximately six weeks and $1.5 million to mitigate.
Ransomware is a form of malicious software — also known as malware — that takes control of an individual computer or a network and threatens to deny access to all stored files unless a ransom is paid. These types of attacks have been traced back to 1989 with the virus known as both the PC Cyborg and AIDS — the latter name was given by its creator, Joseph Popp, who insisted the money gathered via his cyberattacks would be channeled to AIDS research nonprofits. In recent years, ransomware attacks have become more prevalent, with ransom payment demands made in Bitcoin and other cryptocurrencies that cannot be easily traced by law enforcement agencies.
The main reason ransomware has become so frustrating is that there is no easy way to expel the virus once it has locked the computer system’s files with its encryption key. John Yoon, associate professor of cybersecurity at Mercy College, has his students practice breaking the encryption key, which consists of an unknown number of characters. Their success rate can charitably be described as minimal.
“If we know the number of characters, it is a lot easier,” Yoon said, adding that the encryption key can involve any quantity of characters. “Capturing the key is not really impossible, but it takes a long time.”
But paying a ransom to gain access to the files may not be the end of the problem. “Who’s to say that in two days, two weeks or two months from now something lingering in the system won’t strike again?” asked Kevin Frost, operations manager at Tarrytech Computer Consultants in Elmsford.
Robert Cioffi, co-founder and chief operating officer at Yonkers-based Progressive Computing, warned that cybercriminals are also aware of which companies are too eager to pay ransom. “That makes you susceptible to attacks,” he said. “I am aware of cases of companies that paid ransom, only to be re-infected in 30 days.”
So, what can be done to prevent a ransomware attack? Cioffi recommended what he dubbed “basic training on what bad email looks like,” noting that ransomware often infects a system when a user opens an infected file attached to an email or clicks a link within the message. He added that ransomware creators are “highly incentivized into tricking people to do things” that will ultimately shut down their operations.
Al Alper, president of Wilton-based Absolute Logic, recommended wariness with emails that could be spoofed. “Around tax season, CPA firms and their clients get emails that come with what are supposed to look like tax papers,” he said, noting that what appear to be legitimate attachments might be the opening for a ransomware infection.
Keeping an updated backup system is also a crucial line of defense, in case a ransomware-blocked system needs to be reset to a period before the infection occurred. However, the problem with that approach is that all data that was compiled in the period after the infection took root would be lost with a system reset to an earlier date.
Tarrytech’s Kevin Frost said his clients have backup systems that take images of their files every hour, thus enabling a speedy recovery and no loss of data if a ransomware attack happens. “We were able to get systems back up in 45 minutes,” he said.
Still, not every business is backing up its data, which infuriates Patrick O’Donnell, CEO of Bridgeport-based Post Road Software.
“For a company not to have adequate back-up is complete B.S.,” he said. “I can buy a back-up server for under $200.”
And Garry Feldman, president of U.S. Computer Connection in Stamford, warned about taking the ransomware potential home with you. “If you are backing up files on a USB hard drive, chances are that you will also get infected through that device,” he said.