Connect with us

Hi, what are you looking for?



New Mexico Agencies on Edge Amid Rising Ransomware Attacks

New Mexico school districts, universities, and government agencies have collectively spent millions of dollars to regain control of their computer systems after employees unknowingly opened emails containing an encrypted code that effectively shut them out of their systems.

New Mexico school districts, universities, and government agencies have collectively spent millions of dollars to regain control of their computer systems after employees unknowingly opened emails containing an encrypted code that effectively shut them out of their systems.

The ransomware attacks occurred between January 2018 and February 2020, and have put school districts and agencies on edge amid warnings of more technology terror, the Albuquerque Journal reports.

The New Mexico victims were not targeted because they were perceived to have an abundance of cash. Instead, they were the victims of a practice called “phishing,” in which hackers send out a blanket posting of hundreds or thousands of emails, explained Mary Adkins, supervisory special agent of the cyber squad in the Federal Bureau of Investigation’s Albuquerque field office.

“They’re going after school districts, hospitals, health care companies, law enforcement services, governments, individuals, mom, and pop businesses – it’s a numbers game for them,” she said. “Whatever they get their hooks into, that’s what they go after.”

The most recent attack victimized the Gadsden Independent School District in February. Computer servers, internet, phones, and email service across all 24 schools were locked out, said district spokesman Luis Villalobos.

Technicians are now “scrubbing and reloading about 8,000 individual devices throughout the system — they have to start from scratch and reboot the entire system on each device,” he said. “It’s a daunting task and a major inconvenience bordering on a disaster.”

And it’s the second time it’s happened to the district.

Advertisement. Scroll to continue reading.

The most likely cause was a computer that had been infected in the previous July ransomware attack and was reconnected to the network without first having been checked by the technology department, Villalobos said.

No payroll, personnel, or student data was compromised. The full cost of the recent attack is not yet known, but restoration after the previous attack took four months and set the district back about $1.9 million, he said.

Often, the hackers seek a ransom to be paid in some form of cryptocurrency, which is commonly used on the “dark web” to purchase things that may be illegal, Adkins said.

The value of cryptocurrency fluctuates widely, but a single bitcoin today is worth just under $10,000.

The FBI investigates ransomware attacks because it’s a federal crime involving international wire fraud, as well as a violation of the Computer Fraud and Abuse Act.

The ransomware attacks to the New Mexico entities were of the lockout-only kind and none of the victims reported data or confidential information being compromised. Neither did any of the victims communicate with the hackers, though the ransom of one victim was paid through an insurance company.

In nearly every case, computer hard drives, servers, files, and devices attached to the system had to be wiped clean by deleting programs and operating systems, then reloading them, a task made easier where there were backup systems that were not attached to the servers and which remained uncorrupted.

According to Adkins, the number of ransomware attacks is growing nationally. The same goes for New Mexico, where 15 attacks were reported in 2019 compared to seven in 2018.

San Miguel County was unable to prevent the ransomware attack last January that locked out 10 computers and compromised its backup system. Still, the computers were up and running quickly because the county purchased insurance, which paid the ransom, said Taylor Horst, risk management director of the New Mexico Association of Counties.

“We offer a commercial cyber liability insurance policy to our members,” Horst said. So when the attack occurred, “San Miguel County called the hotline, the carrier immediately hired a legal firm, and they immediately hired an IT forensics firm that started dealing with the bad guys on the dark web.”

Related: Legal Services Firm Epiq Hit by Ransomware

Related: Ransomware Is Mostly Deployed After Hours: Report

Related: Durham City, County Recovering After Ransomware Attack

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.