Ransomware attack – it can happen here

Cities and towns and institutions like hospitals and school districts have been in the news recently, detailing ransomware attacks and how they were handled.

In most instances, an errant attachment was clicked and ransomware invaded all the host computers in a network, encrypting the data and rendering it unusable. Riviera Beach, Florida, recently paid $600,000 to those who held its data hostage, according to a recent New York Times article. The city of Atlanta suffered a ransomware attack that ended up costing $17 million. Some towns pay the ransom and don’t get their data back. Some buy new computers using insurance funds.

So could it happen here?

It already has, according to Michael Ketchel of Butternut Systems in Waitsfield. He works with towns, businesses and individuals on cybersecurity issues.

“We’ve had more clients than I wish with this problem. We have never paid the ransom,” Ketchel said.

He said that both Moretown and Warren had been attacked, and in both cases good backups and rapid response times limited the damage and also allowed the data and computers to be fully restored.

It comes down to two things, he said: user awareness and proper backups.

“Sometimes people think they have a backup that protects them, but they don’t. There are some backups that don’t store multiple revisions. Sometimes the right data isn’t being backed up and sometimes it stops working and no one checks it. Websites can be attacked. People assume their host is backing up their website for them when they’re not. Email may not be backing up properly,” he said.

He cautioned that people using an external hard drive need to detach it after every backup because ransomware will scan a system and encrypt external drives swiftly.

“But then you can’t leave those unplugged on your desk and not perform regular backups either,” he said.

User awareness is critical. People should be trained not to click on unknown links and attachments, he said. Most of the risk these days involves tricking users into taking action that puts the data at risk, he said.

In the case of Riviera Beach, Florida, Ketchel said that the infected document shouldn’t have made it past the antivirus protection.

“Our town officials and volunteers who work in town offices are not always technical experts, yet they work on computers day in and day out. That opens up a huge risk,” he said.

Kurt Gruendling, vice president of marketing and business for Waitsfield Telecom, said that the company works with security services that specialize in providing security for telecommunications companies. Additionally, the company utilizes third-party monitoring plus internal education as well.

There’s no 100 percent guarantee. Everything is under attack and if you’re hacked there’s no guarantee that you’ll get everything back. Even if you’re backing up to the cloud, what happens if the cloud provider is attacked?” he asked.

“Everything is at risk. There’s no foolproof way to protect yourself. There’s only best practices. Take every step to mitigate and monitor and hope your reaction time can mitigate loss,” Gruendling added.

Warren, Moretown, Fayston and Waitsfield carry municipal insurance through the Vermont League of Cities and Towns that includes coverage for cyberattacks. Calls to the Harwood Unified Union School District office seeking information about the district’s cybersecurity plans were not returned.