Ransomware attacks spread throughout Ohio cities, counties
Recent ransomware attacks have targeted several Ohio cities and counties over the past year, forcing some to use taxpayer dollars to bail themselves out of the attacks.
Ransomware is a type of virus cyber criminals use to install fraudulent software that encrypts a computer's files, rendering them inaccessible according to Time. Then, the ransomware typically extorts the user into making a payment to the cyber criminals in order to decrypt the files.
“We’ve seen some which ask for $500 or even $700, but that seems to be over the top,” Candid Wueest, Symantec’s principal threat researcher, told Time.
Some are able to avoid the payments if their cybersecurity practices are strong. Last year, the Dayton, Ohio-based Miami Valley Regional Planning Commission reported that a ransomware attack compromised 15,000 of its files, according to SC Magazine. While the ransomware’s perpetrators demanded about $1,400, the commission did not pay the money and was able to restore its files in about 30 minutes.
Some locales, like Vernon Township in Clinton County regularly back up their files, according to The Columbus Dispatch. Because of this measure, the township was able to avoid paying a ransom after an attempted ransomware attack in April.
While some municipalities like Peru Township in Morrow County are victimized by such attacks, the demanded ransom may be low. The township had to pay out $200 after the fiscal officer’s computer began screeching and a pop-up message instructed users to call a phone number to get the problem fixed, according to WCMH-TV.
Others aren’t so lucky. A ransomware virus attacked an eastern Ohio county court by encrypting the courts data on May 31, according to WCMH-TV. The county had to pay $2,500 to decrypt its files. The investigation is still ongoing, hence the TV station’s decision to not name the county.
The September case of the Madison County Agricultural Society was even worse. A cybercriminal posed as the Internal Revenue Service to collect back taxes, and the group had to pay $60,491 to halt the attack, WCMH-TV reports.
A similar scam, known as spearphishing, targeted a Big Walnut Local School District (in Delaware County) treasurer’s office employee in May, The Columbus Dispatch reports. Spearphishing involves emails that are made to look like a recipient’s co-worker or supervisor and then trick them into transferring money to the cybercriminal.
In Big Walnut’s case, the spearphishing email appeared to come from her boss and asked for a $38,520 money transfer from the school’s account, The Columbus Dispatch reports.
“We’ve all seen and heard about the criminals who try to steal our personal funds. These scammers would like nothing more than to get their sticky fingers on our tax dollars, too,” Ohio Auditor General Dave Yost told WCMH-TV. “We need to be vigilant because they are becoming increasingly sophisticated in how they attempt to steal money through the internet.”
For more information on ransomware and how to protect against it, watch AC&C Editor Derek Prall's video interview with cybersecurity expert Jason Glassberg here.