Recently, the wild wild web tried to break into Howard County Government’s computer systems.
Two weeks ago, county government employees received malicious emails containing ransomware viruses, which spread throughout government systems. This same technology was used to cripple Madison County Government earlier this month. However, despite widespread infection, the county’s IT department was able to repair the damage, and officials took precautions against such an event occurring again.
According to Howard County Information Systems Director Terry Tribby, the attacks came in two separate emails, both of which were opened by county employees. But it’s not opening the emails themselves that’s harmful, said Tribby, but rather following Internet links and opening attachments. In both of the latest instances, the employees were tricked with emails that appeared to be from FedEx, asking users to track a package. With just one click to open the attachment, files within the government servers began to go down.
“We’ve encountered issues with viruses and malware and especially this last one, ransomware, for several years,” said Tribby. “It’s always been there. It’ll always be there, and the problem is it’s always going to get worse. It’s just really starting to hit the market really hard. It’s been around since 1987, but the criminals are getting very intelligent and are able to get people to click.”
Tribby explained that after an employee had opened an attachment in the fake FedEx email, the enclosed ransomware began encrypting files within the government systems. It didn’t destroy them, but rather locked them off from access. It’s at this point that the hackers responsible for sending the ransomware make their message known, asking for funds to unlock the newly encrypted files.
“Basically the theme of it is the files are encrypted, and you have X number of hours to pay a ransom to get your files back,” said Tribby. “Then what they do is send you a key, you enter the key, and it un-crypts the file so it’s readable again. It actually did encrypt our files. There were about 33,000 files that were. It didn’t take long. In just a matter of minutes it can go out and do extensive damage. Our only defense to this is to make sure we have the backups.”
And this is how Howard County kept itself from becoming a victim like Madison County, according to Tribby. The local files are kept on an offline server, while Madison County’s server was connected to the Internet, allowing its backup files to be encrypted as well. In both of the recent instances, after employees reported the issue, Tribby and his team were able to take care of it, at least in stopping the encryption. He said it took much longer to restore the county’s encrypted files.
To prepare for any future instances of ransomware targeting Howard County government systems, the commissioners recently approved the purchase of Sophos software, which Tribby said successfully blocked incoming malicious software in five test runs. The county will also take further action by training its employees in how to identify malicious emails.
The contract, in total, for the software amounts to $15,000 over three years.
But these sorts of emails don’t just target governments. According to Tribby, who is part of the Indiana Government Technology Leaders Association, ransomware is also sent to businesses, banks, and private email accounts. And the ransomware can be disguised in multiple ways, meaning users need to be aware of what they’re opening.
“I’m just saying use very good judgment when you’re on the Internet, whether it’s on email or the Internet,” said Tribby. “Be careful where you go and what you click on because you could be putting yourself at risk. That’s the main key. Just use common sense, common knowledge, and be absolutely careful what you’re doing out there.”
Most notably, Tribby said that if one receives emails from companies about shipments, such as FedEx or other online retailers, it is easy to call the company. If there’s any doubt, this is preferable to just opening emails that can have a lasting effect.
Also, the IT manager said to watch out for inconsistencies in emails from recognized senders. In the past, hackers have “spoofed” or copied email addresses in order to send malicious messages. So, watch out for small changes like unfamiliar signatures.
Lastly, just don’t open anything in an email if there’s any doubt about it at all, said Tribby.
“I don’t want people being too scared of the Internet to use it because it’s an awesome tool and has a wealth of information, bigger than the largest library in the world,” said Tribby. “It is extremely beneficial for our government, and we rely on it every day. But you’ve just got to be careful and use common sense.”