Valley News – Bottom Line: When will ransomware attacks hit the Upper Valley? They already have

It is no longer just a matter of time until an institution, business or town in the Upper Valley is affected by a ransomware attack. It’s already arrived. Cyber ​​security experts say this will continue to happen, and anyone who depends on a computer network to run their business, school, or city – in other words, everyone – needs to be prepared.

“Yes, they have arrived. Can I talk about it? No, but they’re coming, ”said Ray Coffin, founder of All-Access Infotech, a Fairlee information technology consultant who builds and manages IT systems for small and medium-sized businesses in the Upper Valley. “It’s at the forefront of every conversation we have. “

Unless you’ve lived off the grid (and some do in the Haute Vallée) and you don’t fully know it, hardly a day goes by when a business – if not an entire industry – is held hostage. by a ransomware attack. It’s a flourishing extortion racket: A study estimates that a total of $ 406 million in ransom was paid to criminals in 2020, up 337% from 2019.

The MO is familiar: An obscure group – many of whom are believed to be from countries like Russia, Iran, and North Korea that are hostile to the United States – take control of a target’s computer networks and demand that money is paid before providing the “key” that unlocks the seized network.

Recent examples of ransomware include the attack on the Colonial Pipeline, which carries gas to the east coast and was shut down until the operator paid $ 4.4 million. Another attack on JBS, which processes 20% of the country’s meat supply, led to a payment of $ 11 million to get its factories back up and running.

When I thought of companies in the Upper Valley that might be smart to mitigate the risk of a ransomware attack, Hypertherm was the first to come to my mind.

The employee-owned company, based in Hanover, is a world-class manufacturer of plasma and waterjet cutting technologies.

Hypertherm sells a significant percentage of its products in the international market and relies on a global supply chain for materials, thus increasing its risk profile as bad players could have many entry points into its networks.

And, I learned, Hypertherm was one of the first victims of ransomware.

“In 2010, we were hit three times in less than a year, and production was shut down for half a day,” said Robert Kay, IT manager at Hypertherm. “We paid no ransom and were able to use our backups to restore operations, but it became clear that this was an issue we needed to resolve.”

The ransomware attack, Kay said, “sparked an action plan” that covered everything from the company’s IT infrastructure to employee interactions with company systems that increase risk. . Kay declined to name specific actions, but one of the actions he took was to bring in a security expert with advanced training who has been qualified to participate in FBI briefings on cybersecurity threats.

The internal cyber specialist is also a “certified ethical hacker” who allows him to be trained in the latest hacking techniques and skills in order to penetrate the company’s IT operations to discover and correct vulnerabilities.

“We are often attacked,” Kay said. But so far, thanks to the seriousness with which Hypertherm has responded to the threat, “we have not been affected”.

The company also has ransomware insurance, he said.

In a scenario perhaps most relevant to the Upper Valley, the computer system in Leonardtown, a small town in rural Maryland, was shut down after being exposed to a ransomware attack through the vendor operating the computer system. of the city, which in turn relied on software from a targeted company.

Although the city itself was not directly attacked, the incident destroyed the data files the city used to pay its payroll and send quarterly utility bills to its 3,000 residents.

Lebanon City Manager Shaun Mulholland said this sort of situation was one of the reasons he prioritized changing the IT company and strengthening the city’s internal IT department shortly. after arriving in Lebanon in 2018.

After an assessment of the city’s IT infrastructure revealed “significant weaknesses,” they had to “totally revamp the whole system,” said Mulholland, a former Allenstown police chief in the United States. New Hampshire.

The city spent $ 750,000 to upgrade computer security, including a new computer system that operates the city’s water and sewer plants.

“There were a lot of things people could hack,” he said.

And although Mulholland has said that Lebanon has not been the target of ransomware attacks, the city is “regularly” inundated with so-called “phishing” attacks that attempt to trick city workers into revealing their information. passwords in order to hack e-mails and other accounts.

Now that Lebanon’s cybersecurity has been improved – “no one is 100% secure,” Mulholland acknowledged – the next step will be to perform “tests” with the city’s employees by a cybersecurity company that will verify at what level. point city workers are on guard to protect passwords and information. this could result in the hacking of a bad actor into the city’s computer networks, Mulholland said.

Mulholland explained that the tests will aim to ensure that city employees follow protection protocols and coach them if they make mistakes and not discipline anyone for mistakes.

“Nobody is going to be in trouble,” he said.

Most small family businesses don’t have the budget in Lebanon to patch up their IT systems, but there are still things they can do to minimize the risk of a ransomware attack, according to IT consultant Coffin.

“Make sure all of your data is backed up to a cloud provider and cloud storage,” Coffin said, explaining that if a business finds out it’s locked out of its data files, it can easily switch to them. backup files and will not be forced to pay. the attacker for the “key” to recover the data. The only data the company would lose is the data since the last backup procedure.

Of course, a business has to pay for a cloud storage provider like Amazon or Microsoft and, which costs anywhere from less than a hundred dollars per month to $ 1,000 per month depending on how much data to store, it can be a big expense. for a small business, such as a farm stand or a craftsman with an online sales platform.

But skimping to pay for protection can only lead to a higher cost later.

“It should be seen as rent, one of those expenses in the budget line,” Coffin said.

Contact John Lippman at [email protected]

Comments are closed.