Hackers have for some time been infiltrating networks, locking them and then demanding a ransom to restore the systems. It happened to a friend of ours a few years ago, costing his business $10,000. He learned a lesson from the ordeal and it won’t happen again to him now that he has invested in beefed-up security.
Lately, hackers have been going after municipal systems. The New York Times, in a story two weeks ago, called ransomware a “digital epidemic for the public sector.” The reason, wrote the Times, is that municipal networks tend to be large and complex while at the same time many are running older, vulnerable software, and tight budgets discourage purchase of protective software.
Last fall, the director of technology for Sandwich Schools encouraged the school committee to be proactive with network security. He cited examples in which hackers stole data and threatened to broadcast sensitive information unless a ransom was paid. Leominster, he said, paid $10,000 in ransom. The city was relatively lucky; the Atlanta school system was hit for $2.6 million.
Enforcement authorities don’t want municipalities to pay ransoms for fear hackers will be emboldened to hit other cities and towns. But recovering from cyber attack can cost millions of dollars if entire systems have to be rebuilt. It is a conundrum, for sure.
It is interesting that in all the news stories published in the last few months reporting on the problem, there is hardly a word about who might be conducting the attacks. Clearly it is sophisticated stuff; the cyber attacks are not originating in a college dorm room somewhere. But are they crooks looking for a comfortable life, or are they state-sponsored with the ransoms used for even greater security threats? If that is the case, then no one should pay ransoms under any circumstances.
Whatever the case, we hope our towns are on high alert. Baltimore and Atlanta are big targets, but small towns are vulnerable, too.