Ransomware: One click can allow hackers to hold a city hostage
Technology is the newest weapon used by both law enforcement and criminals. It’s a high-tech game of cat and mouse, with information floating throughout the world wide web as chunks of megabytes and megapixels that can be retrieved for either good or bad intentions. For four weeks, we will look at how technology has changed how police patrol their beats. From surveillance systems, to social media and cell phones, to ransomware threats to identity theft, a crime can be committed or resolved by a simple keystroke.
The third part of the series deals with the growing threats to police forces, corporations, municipalities, schools and banks from cybercriminals who use malicious software to hold a computer system for ransom.
It started like most cyberattacks when someone opened what seemed like a harmless email. But what happened in Lake City – less than an hour from Clay County – was far from harmless or cheap.
Employees came to start a new workweek on June 10 to find the town’s computer system being held hostage by North Korean hackers. For days, the city government had no phones, emails or records. Utility records were hidden behind a technological lock and key. Calls had to be done by personal cell phones. Cash, checks, fax machines and hand-written receipts suddenly were the norm.
City leaders reluctantly agreed to pay 42 Bitcoin, about $460,000, in cyber extortion to get the decryption key for the Ryuk malware. While decryption key appeared to work, it took more than a month to recover their information.
Hackers hit Riviera Beach a few days later. Lake City’s police and fire departments weren’t affected since they operated on a separate system. Riviera Beach wasn’t as prepared, so the cost of the ransomware was nearly $600,000. Dispatchers couldn’t log calls for the police, fire and emergency departments.
“With your heart, you really don’t want to pay these guys,” Lake City Mayor Stephen Witt said. “But, dollars and cents, representing the citizens, that was the right thing to do.”
Key Biscayne then became the third Florida city hit by Ryuk in June. It didn’t disclose if it paid a ransom, but city officials said their systems have been restored.
What happened in Lake City, Riviera Beach and Key Biscayne prove just how susceptible municipalities, energy companies, banks, hospitals and corporations are to cyberattacks. By the time information technology departments create a wall to block one attack, hackers generally have moved onto another scheme. Since cybercriminals don’t punch a timeclock, it’s difficult, if not impossible, for cities to keep pace.
“The attackers are obviously advancing at their own pace,” cybersecurity firm Rendition Infosec founder and president Jake Williams recently told the Washington Post. “They don’t work on annual budget cycles.”
Ransomware is a type of malware that hijacks information, encrypts it and blocks a user from their own files while demanding ransom – generally in cybercurrency like Bitcoin – to regain access.
Such attacks cause the loss of data and intellectual property. The earliest known case of ransom malware was embedded in a disk in 1989 by Harvard-trained biologist Joseph L. Popp. His AIDS Trojan, also known as PC Cyborg, was called “AIDS Information – Introductory Diskettes,” and it was sent to members at the World Health Organization’s International AIDs conference.
Malware now is usually delivered through an unsolicited email. While security experts have warned for years to not open email from an untrusted source, Lake City demonstrated again it only takes one mistake to bring a town to its knees.
And hackers are…