[affected] system was removed from the network and replaced with a new, clean system with minimal impact to the user and agency,” the letter says.
When local and state governments are included, things get a little messier.
The DHS report also cites ransomware cases investigated by the Multi-State Information Sharing & Analysis Center (MS-ISAC), a nonprofit that works with the DHS to prevent, track, and address cyberattacks on the nearly 1,000 US government entities in its membership.
The group provided forensic assistance — including analysis of cloned hard drives and telephone support — for 45 cases of ransomware on government machines last year, according to MS-ISAC Director of Communications Barbara Ware.
Factoring in MS-ISAC’s network-monitoring service, the number gets much bigger. MS-ISAC detected and alerted government entities to 2,000 ransomware infections in 2015.
The number is startling when one considers that MS-ISAC offers network monitoring only to a small minority of its 1,000 members — “65+” according to the 2015 catalog of services — but Ware stressed that a single “member” could be an entire state government, encompassing state universities and law enforcement.
Perhaps most disturbing is how often infected organizations end up paying ransoms to regain access to their computer systems.
While the DHS did not know of any cases where federal agencies paid ransoms, the DOJ said that the FBI has been contacted by state and local governments multiple times for help with ransomware incidents. Media reports confirm that many of those are paying up.
In early February, the town of Medfield, Massachusetts, paid hackers $300 after a virus completely disabled the municipal computer network for a week. Just a few weeks later, school administrators in Horry County, South Carolina, paid hackers $8,500 to get rid of ransomware that had infected the school’s servers.
Police departments (PDs) are particularly vulnerable to ransomware. MS-ISAC chair Tom Duffy told Business Insider that local PDs are often the least likely to have off-site backups of their data. Those backups are a crucial fail-safe if you want to regain access to your maliciously encrypted data without paying.
The effects are clear: Police departments have been forced to hand over taxpayer dollars to criminals in Tennessee, Illinois, and three times in Massachusetts. The most recent of those cases, in Melrose, Massachusetts, was only weeks ago.
The FBI continues to investigate large-scale incidents, but the DOJ admits in its report that the most sophisticated strains of ransomware are “practically impossible to defeat” without getting hackers’ private decryption keys. As a result, the FBI has focused its efforts on educating the public on prevention.
And while prevention may be the best cure, it’s much harder when your defense doesn’t work properly.
The DHS recently found that its EINSTEIN cybersecurity service for federal agencies relies on signatures of known viruses for detection. That makes it vulnerable to new or previously unseen viruses, a particular issue when new strains of ransomware seem to pop up every week.
But the situation is not without hope. The government is having some success in shutting down some online hacker activity.
In its letter, the DOJ touted Operation Shrouded Horizon, an international cybercrime effort that shut down Darkode, which was called “the most prolific English-speaking cyber-criminal forum to date” by Europol. The DOJ and the DHS mentioned the operation to shut down the Gameover ZeuS botnet, which was used to spread Cryptolocker, one of the most prevalent ransomware viruses on the internet.
But, Carper notes, Cryptolocker’s “architect” remains at large in Russia.
On the question of how to bring international suspects to justice, the department conceded that these hackers tend to hail from uncooperative regions. The rest of the department’s answer, however, is redacted.
This is why it’s important to have a good solid Anti-Virus on your computer. It’s better to stop them before they get in.