Under federal and state law, kidnapping is commonly defined as “the taking of a person from one place to another against his or her will.” In other words, someone is taken, a ransom note is sent, and ransom demands are either met or not met, depending on the situation. If the ransom is paid, the victim is released (hopefully), and all goes back to normal.
What happens if the kidnapping “victim” is data? Hard to imagine, yes, but it has happened on one too many occasions. One such incident involved the Dickson County Sheriff’s Office in Tennessee. Cyberthieves took over the Sherriff’s Department computer system and required a ransom from their victims to release their files.
In a recent State Tech Magazine article, Nicole Blake Johnson outlines the Dickson County incident as follows:
It appeared the malware could have entered through an online radio stream of radio station WDKN that staff at the sheriff’s office was listening to, but the station’s president and general manager dismissed that idea. What is clear is that the ransomware infected the department’s report management system, according to The Tennessean. Employees were then notified through a message on their computer screens that they had to pay the $572 ransom by a set time for their data to be released.
The type of ransomware used to attack the sheriff’s office is called Cryptowall, and it “works by encrypting files on any attached storage devices with a high-level encryption scheme,” Sherriff Bledsoe said. “Typically, backups are made with storage devices, so in many cases backup data is also vulnerable.”
Bledsoe explained: “Although a substantial portion of the data encrypted on the report management server was able to be restored from backups, there were still approximately 72,000 files affected on the host computer, which introduced the malware to the network and the report management system and the attached drives.”
The department is exploring solutions to prevent this kind of attack from happening again, Bledsoe said. IT managers are warned to take the following precautions to protect computer networks from ransomware:
- Start with spam filtering as the first line of defense. Blocking spoofed email is the cleanest and best way to guard against ransomware.
- Maintain current data backups.
- Continue to warn staff not to open email that looks suspicious.
For more information regarding this incident, read the full State Tech Magazine article.
APPLICATION DEVELOPMENT: Blue Mountain Data Systems is dedicated to Application Development and Systems Integration for Federal Civilian Agencies, Document Management Systems that help in the preparation, scanning, indexing, categorizing and quality control of millions of pages of paper documents to electronic format and the Automation of Workflow Processes. Call us at 703-502-3416.