See our nonprofit COVID-19 resources
We're updating our site to improve your experience. We apologize for any issues that may occur.
Hackers have used ransomware to attack the data networks of the Baltimore city government, the Georgia courts system and the Lake City, Florida government, to name but a few city governments - and not even beginning to name companies and nonprofits. Hackers are more likely to attack city governments, assuming that cities will be desperate to release their files and pay the demanded ransom. The critical services provided by government agencies and the insurance they usually carry make them attractive targets for ransomware attacks. In the case of Baltimore, the attack halted home sales and water bill payments. Due to the sensitivity and urgency of services that government agencies provide to the public, cities cannot afford to leave their computer systems suspended for prolonged periods.
Ransomware attacks start quietly: the program makes its way through the entire system and then it encrypts everything at once, making it impossible for you to access your files. At the same time, you get the ransom notice. At that point, the victim has to make a decision: pay the extortionists and get the decryption key and get your data and network back in fairly short order. Or refuse to cooperate and be willing to lose that data, which will cost untold millions of dollars and probably cost a lot of folks their jobs.
The city of Baltimore decided not to pay the 13 Bitcoin ransom demand, roughly $75,000 when its systems were hacked with RobbinHood ransomware. The cost for the city has topped 18 million dollars. That follows on the heels of last year's attack on the City of Atlanta's computer network, where the hackers demanded $51,000. Atlanta refused to pay. The resulting damage has been estimated to cost around $17 million.
How much did the crooks want for the decryption key that would restore Lake City's information systems? "Their payment request was for 42 bitcoins," said Mike Lee, a sergeant with the Lake City Police Department. "At the time of the purchase, it was roughly $460,000." Lake City officials notified state and federal law enforcement personnel and then called their insurance company, the Florida League of Cities. Lee says Lake City was advised to pay the hackers. "We have received the decryption key and we are slowly making our way through our systems a little at a time," he said. "And at this point that key has proven successful where we've used it." The Lake City taxpayers had to pick up the $10,000 deductible but the rest, $450,000, was paid by insurance.
Here's more in an article from the Washington Post - which never says how a city can protect itself from these attacks.
So, how does one protect itself from malware?
And remember that ransomware isn’t just for Windows users. Ransomware has been discovered for Macs, too.
-=-=-=-=-=- Jayne Cravens Author, The LAST Virtual Volunteering Guidebook
The prevention measures that you list are not rocket science, system administrators have known about them for years. Of course this does not stop them from being relevant, or provide much comfort to users already affected by malware. One other thing that I would suggest is consider switching to a Linux operating system, the other protection measures that you suggest will still be needed but the risk of a malware attack will be considerably less.
Having said that, switching is an option few people give serious consideration to, which is a shame.
This is quite alarming for users. Thanks for the share
Sadly, most of the nonprofits I work with don't have system administrations - they have no full-time IT person and their IT support comes from occasional volunteers or consultants. Also, a lot of nonprofit staff that are in senior level positions don't understand computer security threats - this kind of information for us non-IT people can help us make better decisions regarding protecting systems and working with experts such as yourself.
Close this window