Governments and citizens deal with prevalence of ransomware
Nowadays people have access to everything with the tap of a finger — clothes, food and even relationships. And while this digital era may come with efficiencies and ease, it also comes with concerns — especially with cybersecurity.
Ransomware is a huge, ever-increasing problem throughout the country. October was National Cybersecurity Awareness Month, so learning tips and tricks to protect your computer from succumbing to ransomware attacks has been a hot topic — including at the municipal level.
In August, The New York Times reported that 22 cities in Texas were simultaneously being "held hostage" by a single hacker who demanded millions in ransom. As of August, more than 40 municipalities had been attacked across the country this year, according to the Times.
"The larger government organizations that have been hit have been impacted for even months from ransomware," said Wes Pay, acting chief technology officer for the City of Lake Oswego. "The costs associated with resolving those issues are astronomical."
Though Pay considers Lake Oswego lucky because there have been no recent issues, he said the City did have a ransomware incident a couple years ago.
Someone received a document in an email and opened it, and it infected the computer they were using as well as some of the City's data and documents.
"We were able to detect that event in approximately 30 minutes and completely recover from it," said Pay, adding that it didn't cost anything and it wasn't a targeted attack — just a random spam email.
Pay said some local jurisdictions were hit by targeted attacks, meaning the public-facing systems were monitored and the attacker found weak spots in the system and exploited them. The attacker first took out the backups so
data couldn't be retrieved, and then the live data was destroyed.
"That's a real problem," said Pay, adding that the Oregon National Guard started a program that assists governments and local agencies with cybersecurity, helping these agencies analyze their systems and recover data when there are incidents. "We are pretty lucky in Oregon."
City of Wilsonville Information Systems Director Andy Stone said the Wilsonville government hasn't experienced any major security threats in recent years other than one incident in which a few files were encrypted by an outside entity, meaning the City no longer had access to them. However, whoever encrypted the files did not ask for a ransom and the City had a backup of the files.
"That was probably four, five, six years ago, and we've made quite a few advancements as technology has increased," Stone said.
He said the City has firewalls in place and antivirus software that scans computers and local networks and scans links before they are clicked. It also has filters that block malicious content and email evaluations that assess whether an email fits the profile of a phishing attempt. If it does, it will be blocked.
The City has performed mock phishing attacks and teaches staff what to look out for and what emails and sites to avoid. Stone said educat-
ing staff has been the most
effective preventative measure.
"The most important thing is we do a lot of education with our staff as to what constitutes a bad email or a bad site. That has been as important as any other software piece. If someone clicks on the wrong thing you're in a (tough) spot," Stone said.
Wilsonville Police Chief Rob Wurpes said reports of phone call scams and phishing attempts are increasingly prevalent in the community.
"We're constantly exposed to this," he said.
Common examples are people calling claiming they are the IRS or a credit card company asking for sensitive information or money or coaxing people into clicking malicious links online.
"The reason they do it is because there's a percentage of people who fall for it," Wurpes said. "The elderly are a vulnerable population and sometimes fall prey to that."
In those instances, Wurpes recommends people try to verify whether the source is reputable before taking action and to not give others access to your computer. Wilsonville Sgt. Brian Pearson said that fraudsters often ask for unusual payment methods. He also said tech savvy people should talk through these issues with their relatives.
He added: "If somebody is suspecting a scam, they can call us at any time and talk to a deputy, tell details of what's going on and we can give them advice."
Pearson said banks often become the victim in these instances as well because they often end up footing the bill for stolen money. And Wurpes and Pearson said that though this is a local issue, it's extremely difficult for local entities to deal with it. And ooutside the country, even the FBI is unable to stop it.
"When it goes outside the U.S. it becomes almost impossible," Pearson said.
Pay said two prevention strategies that residents should focus on to avoid attacks on personal computers are creating unique passwords, not using the same password for multiple sites, and knowing how to recognize what a phishing email looks like.
"I encourage people not to reuse their passwords," Pay said.
"Cybersecurity seems like a daunting, even depressing situation, but it's really not," Pay said. "Yes, it's an issue, but if we all think about it periodically and maintain a certain level of awareness, it's not something that we can't deal with. It's out there, it's an ongoing problem, but it shouldn't be something people should necessarily be afraid of. Life will go on."
Quality local journalism takes time and money, which comes, in part, from paying readers. If you enjoy articles like this one, please consider supporting us.
(It costs just a few cents a day.)