Society’s dependence on computers has created a number of worrisome vulnerabilities, one of which is creating serious problems for local governments. One criminal activity that takes advantage of these vulnerabilities is extorting money through the use of ransomware. Ransomware is a type of software that infiltrates a computer system and prevents the owner from accessing it or its data until a ransom is paid. Ransomware generally gets onto a governmental (or any) computer in two major ways. One is when a user clicks on a link in a phishing email, and the other is when a user visits an infected website.
Ransomware has been around for several decades. The first known case of ransomware use, called the AIDS Trojan (or PC Cyborg), was reported in 1989. The malefactor, Dr. Joseph Popp, a Harvard-trained anthropologist also known as the father of ransomware, loaded malware onto 20,000 disks and mailed them to AIDS researchers in more than 90 countries. The malware program, once the disk was inserted into the computer, was designed to count boot-ups, but to remain dormant until the 90th time a computer was turned on. The 90th time the computer was powered up, the material on the computer became inaccessible to the user, and a message appeared demanding the user send $189 to a post office box in Panama to receive software that would unlock the computer and do the necessary decryption.
Over the following years, many businesses, citizens and governments were similarly targeted by what became known as cryptoviral extortion, but with increasingly sophisticated programs. City and state governments have increasingly become targets in the past few years. Estimates vary, but recent reports indicate that over 200 attacks have targeted state and local governments. For example, according to a report published by Recorded Future, 53 incidents occurred in 2018, an increase of about 30% from the year before. So far this year, more incidents have become public. Recorded Future found that out of the 169 cases it counted, only 17% of the victims paid the ransom. Many city and state governments have policies against paying a ransom, so why do hackers do it? If the ransom is paid, then the hackers profit; if not, the costs to the hackers are negligible.
Ransomware attacks are mostly crimes of opportunity. Once a hacker knows he or she can get into a vulnerable network, the person can explore the files to determine if the information would be valuable enough to the owner to make extortion worthwhile. Also, hackers can now purchase ransomware on the dark web, making it possible to commit such crimes without having to write their own software.
Even when a ransom is paid, payment does not guarantee that all lost files will be recovered. Lake City, Florida, for example, still had to try to find ways to recover most of its files after paying hackers over $460,000 in ransom! According to Audrey Sikes, city clerk for Lake City, “more than 100 years’ worth of municipal records, from ordinances to meeting minutes to resolutions and City Council agendas, [were] locked in cyberspace for nearly a month.” Last May, the city of Baltimore became a victim of hackers who used a tool that was developed by the National Security Agency, headquartered at Fort Meade, MD, a short distance from the city. Atlanta lost its data to hackers and refused to pay a $51,000 ransom. Rather, the city undertook its own repair effort at a reported cost of over $7 million! Riviera Beach, Florida, became the victim of hackers demanding $600,000 a few months ago. Also, earlier this month, 22 governmental entities in Texas were victimized.
These are just a few examples, but they draw attention to the fact that anyone is vulnerable, whether individual, business, or government. User education is needed to instruct computer users on what they need to do to protect their data, and what behavior they should never undertake. One other often-missing protection is ensuring that software is kept up to date.
There is another form of cyber-extortion known as leakware. With leakware (or doxware), data is not necessarily encrypted and the owner sometimes retains access to it, but encrypted or not, the data is extracted by hackers from a poorly protected computer system. The hacker, who now has the data, then threatens to make the information public if the demanded ransom payment is not forthcoming.
The bottom line is that no one is safe from ransomware. Hopefully, new technology, tools, and better awareness training will be developed that can lessen the probability of successful attacks, and lessen the extent of the damage caused. We are certainly not there yet.