Increase of Ransomware in Madison
The world has become a web of wires, or more accurately, fibre optic cables. We have welcomed computers into every part of our lives. They are used to manage, track, and process data in everything from Aviation to zoology [ZOH-OL-OH-GEE]. They are developed by the international community of software developers who create the tools that we use every day. Not all these developers are benevolent, however. And our worldwide web of fiber makes it possible for these dangerous developers to devastate computer systems on the other side of the earth.
You might have recently become aware of the threat of computer-based attacks from the recent outpouring of advice because of Russia’s invasion of Ukraine. . The threats and impacts of a cyber attack are real and are now carefully considered in military arenas.
But the nation versus nation cyber clashes are not the most common. It’s far more likely that organized crime will have an effect on your life. And today this will most often come in a form called ransomware.
Ransomware is a style of cyber attack that aims to extort someone out of money by locking their data up and demanding payment. Business of all kinds can be affected, along with cities, municipalities, governments, celebrities, and nonprofits. By encrypting the data of these organizations, hackers demand ransom payments anywhere from a few thousand, to millions of dollars.
In recent years, ransom demands have skyrocketed. For that how that might impact the city of Madison, I reached out to Keatron Evans, . He’s the Principal Security Researcher at Infosec, which provides cyber security training and crisis management nationwide.
“The danger for Madison, the city of Madison, and the businesses 5 years ago was much less than it is today and I think a large part of that is driven by, one, we’ve had a lot more publicity of ransomware and the reason for that is because of the record number of money that is paid out.”
Ransomware can affect any kind of organization. On Saturday, WGN reported that almost 50,000 students in Chicago Public Schools had their personal information targeted by a ransomware attack.
Ransomware attacks can affect cities as well. A recent and famous example can be found in Atlanta, Georgia. In 2018, nearly the entire city’s computer systems were interrupted because of ransomware. Atlanta was told to pay a ransom of $51,000, but decided not to. Today, it’s estimated that the city has paid around $3 Million dollars in repair and consulting costs.
A prominent case in government and industry was the Colonial Pipeline. The pipeline was shutdown by its operators shortly after a demand for $4.4M was seen on a computer close to the pipeline control systems. The Russian hackers also stole 100GB worth of data which it threatened to release if the ransom was not paid.
These breaches and ransoms keep increasing because the cyber criminal organization watches their targets closely. In our conversation Keatron Evans said that ransomware organizations spend about 80% of their time researching their targets.
The landscape of cyber attacks can feel daunting. On top of that, there are now laws in place that require businesses to disclose whether they have been attacked. But this depends on what kind of business you are and what kind of data is breached in an attack. Sarah Sargent is a Privacy and Cybersecurity attorney at the Madison law firm. Godfrey and Kahn.They write privacy policies, help companies deal with legal requirements around data, and also help deal with cyber attacks.
“Depending on the wording of the state if your personal information – acquired meaning stolen – then the company has to tell the individual. And that only applies to certain types of personal information. Your driver’s license, your social security number, in some states your username and password. So it’s usually information someone could use to get into an account or use to to commit identity theft or fraud”
Another part of the new cyber security landscape is insurance. As I spoke to industry professionals, they continually recommended it. Though, with the recent escalation of ransom demand sums and volumes, the cyber insurance marketplace is difficult to navigate. I spoke to Jim Blair. He’s a managing partner of Aberdean Consulting – a managed IT service.
“And we look at what’s happening in the insurance industry. Every one of these applications and forms are different. They have different expectations for the business. There’s not a lot of continuity from one insurance company to another company in what they’re looking for. They are putting pressure on the businesses to make their stuff more secure. Because the insurance companies have been burned – the last two year the two largest insurance companies have paid out more than they collected in premiums. So instead of going step 1, 2, 3, for incremental improvements, they have gone from 0 to 60. ”
So, ransomware attacks are more frequent, businesses may have legal requirements to disclose attacks, insurance against attacks is difficult to buy because of the inconsistent and high requirements.
Buckley Brinkman is the executive director and chief executive officer of the Wisconsin Center for Manufacturing & Productivity. His organization supports small manufacturers to grow and compete with large corporations. He recently took a poll on business cyber security and got some interesting results.
“We went out and polled 400 manufacturers last fall. Somewhere in the 80% range said that we are confident that we are cyber-secure. It was really interesting when we looked at that by people who had been breached and people that hadn’t. So we see that people are not taking the action that people really need to take.”
Brinkman also had this to say:
“Statistics show that if you actually are breached, 40-50% of those companies are not in existence 2 years from now.”
I was curious how the city of Madison deals with cyber threats – where the impact of service disruptions can impact people more severely. The IT department of Madison supports or manages IT for every department in Madison. Tim Bohn is the Assistant Director of the Office Of Cybersecurity. He said that the city takes measures to protect itself from cyber threats, but wouldn’t give specifics. City employees are currently trained only through a cyber security newsletter, but IT has some plans to expand.
“ We are instituting an annual training program that all city staff will have to go to to be refreshed and updated on best practices.”
Bohn would not tell me if Madison has ever suffered a ransomware attack.
The sources that I spoke to agreed on one message: just like any big problem – taking cyber security one step at a time is the way to go. The goal is to make it hard for hackers to infiltrate, limit the damage if they do, and repair quickly afterwards.