New Mexico school districts, universities, and government agencies have collectively spent millions of dollars to regain control of their computer systems after employees unknowingly opened emails containing an encrypted code that effectively shut them out of their systems.
The New Mexico victims were not targeted because they were perceived to have an abundance of cash. Instead, they were the victims of a practice called “phishing,” in which hackers send out a blanket posting of hundreds or thousands of emails, explained Mary Adkins, supervisory special agent of the cyber squad in the Federal Bureau of Investigation’s Albuquerque field office.
“They’re going after school districts, hospitals, health care companies, law enforcement services, governments, individuals, mom, and pop businesses – it’s a numbers game for them,” she said. “Whatever they get their hooks into, that’s what they go after.”
The most recent attack victimized the Gadsden Independent School District in February. Computer servers, internet, phones, and email service across all 24 schools were locked out, said district spokesman Luis Villalobos.
Technicians are now “scrubbing and reloading about 8,000 individual devices throughout the system — they have to start from scratch and reboot the entire system on each device,” he said. “It’s a daunting task and a major inconvenience bordering on a disaster.”
And it’s the second time it’s happened to the district.
The most likely cause was a computer that had been infected in the previous July ransomware attack and was reconnected to the network without first having been checked by the technology department, Villalobos said.
No payroll, personnel, or student data was compromised. The full cost of the recent attack is not yet known, but restoration after the previous attack took four months and set the district back about $1.9 million, he said.
Often, the hackers seek a ransom to be paid in some form of cryptocurrency, which is commonly used on the “dark web” to purchase things that may be illegal, Adkins said.
The value of cryptocurrency fluctuates widely, but a single bitcoin today is worth just under $10,000.
The FBI investigates ransomware attacks because it’s a federal crime involving international wire fraud, as well as a violation of the Computer Fraud and Abuse Act.
The ransomware attacks to the New Mexico entities were of the lockout-only kind and none of the victims reported data or confidential information being compromised. Neither did any of the victims communicate with the hackers, though the ransom of one victim was paid through an insurance company.
In nearly every case, computer hard drives, servers, files, and devices attached to the system had to be wiped clean by deleting programs and operating systems, then reloading them, a task made easier where there were backup systems that were not attached to the servers and which remained uncorrupted.
According to Adkins, the number of ransomware attacks is growing nationally. The same goes for New Mexico, where 15 attacks were reported in 2019 compared to seven in 2018.
San Miguel County was unable to prevent the ransomware attack last January that locked out 10 computers and compromised its backup system. Still, the computers were up and running quickly because the county purchased insurance, which paid the ransom, said Taylor Horst, risk management director of the New Mexico Association of Counties.
“We offer a commercial cyber liability insurance policy to our members,” Horst said. So when the attack occurred, “San Miguel County called the hotline, the carrier immediately hired a legal firm, and they immediately hired an IT forensics firm that started dealing with the bad guys on the dark web.”