Employees in the Treasury Department at the Wasaga Beach Town hall in Ontario Canada, walked into their office one Monday morning in April 2018, and booted up their computers to begin their workday and immediately noticed something strange. Department Head, Jocelyn Lee was being told by her employees that a lot of things were missing. They noticed that they could not access the statistics, files would not open. Some people would try to open a file and it would be blank. It was clear that something was unusual there when you looked at them, the folder. It wasn't just the Treasury Department computers that were acting weird. That morning, other town employees discovered files on their computers with strange names and folders that should be full of Word documents and Excel spreadsheets, but were completely empty. Some employees were locked out of their computers entirely. Then a couple of the computers did have a message on the screen that said, that all the data was blocked, and that you needed to contact this email address in order to get your data back. That's the ransom note. Muni hacked. Hackers got in to the emergency notification system. City employees are being asked to stay off of their computers after a massive cyber attack. Wasaga Beach had been hit with the ransomware attack, a type of computer virus that locks up computer data behind a wall of encryption. Perpetrated by hacker groups, these attacks hold a computer hostage and demand payment in exchange for unlocking your data. Ransomware attacks have become a major threat to computer networks everywhere in recent years. Countless major companies have been hit by attacks, FedEx, the shipping giant Maersk, Nissan. This form of digital extortion has been estimated to be a one billion dollar industry. But Wasaga Beach isn't some large multinational corporation. It's a small retirement community on the shores of Lake Huron. Their primary functions include supplying the town's water and ploughing the roads when it snows. Municipalities like was Wasaga Beach aren't exactly flush with cash, but ransomware has become such an incredibly effective tool of extortion that hackers have begun to troll cyberspace looking for any targets, large or small. At Town Hall, no one could access anything. Services like the fire department and 911 remained operational, the town couldn't tell which residents had paid their water bill or who owed money on their property taxes. Not the sexiest hostage situation but the hackers had all the essential data that made up the proverbial boring low home of a functioning town government. I have all your official records, your official town records, are all locked. Hackers had successfully held Wasaga Beach's computers hostage and Jocelyn's bosses face the biggest question when it comes to ransomware. Should they pay up? The first thing you need to know is that ransomware isn't new. What is new is that it's happening everywhere, all the time, worldwide a ransomware attack occurs every 40 seconds. The first documented ransomware attack occurred in 1989. Harvard biologist Joseph Popp mailed out 20000 floppy disks to researchers ahead of the World Health Organization's AIDS conference. It contained a survey about AIDS risk factors. But buried in the code was a virus that took over a victim's hard drive and demanded $189 be coughed up to restore the computer. Popp paradoxically claimed the extortion was meant to raise money for AIDS research itself. But this new form of attack left the researchers in a panic. An Italian Institute reportedly lost 10 years worth of research trying to restore the data. Modern ransomware attacks follow a similar tactic. The virus is sent in an e-mail attachment or in a link that tricks the recipient into opening it and infecting their machine. These phishing attacks rely on the same social engineering tactics that con artists have used forever, luring victims into a false sense of security by appearing completely legit. Once infected, a message appears with instructions on how to contact the hackers and pay. After the ransom's been paid, hackers supply decryption keys that unlock that data. The biggest contributors to the recent rise of ransomware has been cryptocurrency. Before, the fundamental problem with ransomware was the hackers ability to get paid. Popp directed his victims in 1989 to mail cash to a PO box in Panama. Both cryptocurrencies like bitcoin payment can be quick and most importantly anonymous. Cities have become an appealing target mostly because they're operating often on out-of-date computer networks with pretty poor cybersecurity to prevent threats. San Francisco had its transit system hacked in 2016, forcing the city to offer free ride for two days. Riders will notice a few things, that metro gate at several stations are wide open right now. Dallas had their emergency alert system hacked, allowing hackers to activate their 156 siren tornado alerts system, for an hour and a half. Jake Williams is a cyber security consultant who helps municipalities navigate a ransomware attack after they've been hit. When not headline grabbing, he says attacks can have real world consequences. When General Electric or Best Buy, or whoever gets a ransomware, unless you work there explicitly, nobody cares. But when suddenly your town can no longer provide water services or the EMS is now three minutes slower per call, there is a huge issue there. We have one where for a week they didn't let anybody out of jail because they didn't know it was supposed to get out of jail when, and they didn't have the records. One of the most publicized hacks came in March of 2018 when the city of Atlanta was hit by a massive ransomware attack. As you all know, Atlanta is experiencing outages. A notorious hacker group called SamSam, wormed its way through the city's entire computer network and crippled it. The municipal court system was forced to close, online payments for city services were ofline, and the police department lost dozens of archived dash-cam video. The hackers asking price? $50,000. Is the city of Atlanta going to pay the ransom? We can't speak to that right now. Hackers have gotten very good at understanding how much a city would be willing to pay to recover their data. They often demand what victims might consider a reasonable sum of money, making paying far more appealing than trying to recover your data yourself. In Wasaga Beach is was Jocelyn who became the de facto hostage negotiator to find out the hackers demands. I never thought I'd have to do that, I can say that. They were polite, they definitely were experienced and I would describe the communication as a typical business communication. They gave instructions on how you would proceed and they gave step-by-step. Hackers know the position towns are in and do their best to make paying the ransom the easiest option. I think in the movies, we picture that these attackers are the big bad f-you guys. You didn't say the magic word. Over the last couple of years, there's been a move towards full customer service. Honestly, I wish my Internet service provider had customer service the way these guys do. But saying no to hackers often comes out to just how important it is for you to get your data back. Some backers you would want to consider, I think is probably what's been encypted? Do you have backup available? Another big question is, does your town or city charter does even allow you to pay that? Most of them don't have any real IT infrastructure to begin with, so in the vast majority of cases, it's pay or don't get your stuff back. Plus the sheer cost of building your computer network from scratch often far outweighs the ransom demands. Atlanta reportedly ended up spending $2.6 million to update the computer network and deal with the fallout of SamSam attack. Wasaga Beach paid the ransom, but they can't say how much they paid until they present their town council with a report on the incident. It took over a month to decrypt the town's files, but Wasaga Beach recovered almost all of their data. Soon after, it was like the hack never happened. If you walk around now, you would never know [inaudible]. It's come and gone. The FBI has published guidelines for dealing with a ransomware attack. They suggest you do not pay. However, they even admit that holding your nose and paying off the hackers might be the most viable option for some organizations. But it doesn't make the situation any easier. You're dealing with total strangers, you're handing them money hoping that they will that give you back the key. What do you think? Should cities pay hackers during a ransomware attack? Comment below and like and subscribe for more Cheddar Deep Dives and Breakdowns.
