STATEWIDE – Targeted, sophisticated, costly; all words the FBI uses to describe ransomware attacks.
Small town offices are being targeted by cyber criminals, their records held for ransom.
Now, investigators are warning it can happen to anyone, anywhere, at any time. It’s already happening here in Maine.
“I was communicating with a criminal,” said Gus Natale, the I.T. specialist for the town of Rockport. “I didn’t want this person to win.”
It was one of Natale’s worst fears, and it became reality when he got a call from the town office last August.
“They weren’t able to open a lot of their files, the file extensions were changed,” Natale said.
In that moment, he knew the town had fallen victim to a ransomware attack.
“All of their data was gone. All of the public records were encrypted,” said Natale.
Experts say most ransomware attacks come in the form of an email with a malicious link or attachment. Once you click, the malware moves through your computer, infecting your system in a matter of seconds.
“It was completely infected by the time I got there,” said Natale.
In a ransomware attack, the hacker gives an ultimatum: Pay the ransom, and you’ll get your data back.
If you refuse to pay, you lose your records for good.
It’s a type of crime agents at the FBI Boston division have been investigating for years.
“It’s not new, ransomware attacks have been around for several years now,” said David Farrell, assistant special agent in charge of the FBI Boston Division’s cyber and counterintelligence programs. “The new part is as far as small municipalities, school districts, that don’t have the systems in place.”
While FBI data shows the overall number of ransomware attacks is going down, more and more town offices are finding themselves targeted.
“We don’t see ransomware going away any time soon,” Farrell said.
“It doesn’t surprise me,” Said Natale. “It doesn‘t surprise me at all.”
In Rockport’s case, the hacker demanded $1,200 in the form of the cryptocurrency bitcoin.
The FBI says paying the ransom should never be an option.
“The reason why is it emboldens criminal activity to continue,” said Farrell. “It also doesn‘t guarantee that you get your files and info unencrypted.”
So Natale and another specialist worked for three days straight, from Friday to Sunday night, using bits and pieces of the network that had been backed up to build a new system, saving all but one day’s worth of data.
“We did it,” Natale said. “The biggest thing was, how did this happen?”
Tuesday, part two of “Held for Ransom,” will look into at why Rockport was targeted, why we’re seeing the same in other local government offices, and how to prevent these types of attacks.