SecurityWeek

New Mexico Agencies on Edge Amid Rising Ransomware Attacks

New Mexico school districts, universities, and government agencies have collectively spent millions of dollars to regain control of their computer systems after employees unknowingly opened emails containing an encrypted code that effectively shut them out of their systems.

The ransomware attacks occurred between January 2018 and February 2020, and have put school districts and agencies on edge amid warnings of more technology terror, the Albuquerque Journal reports.

The New Mexico victims were not targeted because they were perceived to have an abundance of cash. Instead, they were the victims of a practice called “phishing,” in which hackers send out a blanket posting of hundreds or thousands of emails, explained Mary Adkins, supervisory special agent of the cyber squad in the Federal Bureau of Investigation’s Albuquerque field office.

“They’re going after school districts, hospitals, health care companies, law enforcement services, governments, individuals, mom-and-pop businesses – it’s a numbers game for them,” she said. “Whatever they get their hooks into, that’s what they go after.”

The most recent attack victimized the Gadsden Independent School District in February. Computer servers, internet, phones, and email service across all 24 schools were locked out, said district spokesman Luis Villalobos.

Technicians are now “scrubbing and reloading about 8,000 individual devices throughout the system — they have to start from scratch and reboot the entire system on each device,” he said. “It’s a daunting task and a major inconvenience bordering on a disaster.”

And it’s the second time it’s happened to the district.

The most likely cause was a computer that had been infected in the previous July ransomware attack and was reconnected to the network without first having been checked by the technology department, Villalobos said.

No payroll, personnel, or student data was compromised. The full cost of the recent attack is not yet known, but restoration after the previous attack took four months and set the district back about $1.9 million, he said.

Often, the hackers seek a ransom to be paid in some form of cryptocurrency, which is commonly used on the “dark web” to purchase things that may be illegal, Adkins said.

The value of cryptocurrency fluctuates widely, but a single bitcoin today is worth just under $10,000.

The FBI investigates ransomware attacks because it’s a federal crime involving international wire fraud, as well as a violation of the Computer Fraud and Abuse Act.

The ransomware attacks on the New Mexico entities were of the lockout-only kind, and none of the victims reported data or confidential information being compromised. Nor did any of the victims communicate with the hackers, though the ransom of one victim was paid through an insurance company.

In nearly every case, computer hard drives, servers, files, and devices attached to the system had to be wiped clean by deleting programs and operating systems, then reloading them, a task made easier where there were backup systems that were not attached to the servers and which remained uncorrupted.

According to Adkins, the number of ransomware attacks is growing nationally. The same goes for New Mexico, where 15 attacks were reported in 2019 compared to seven in 2018.

San Miguel County was unable to prevent the ransomware attack last January that locked out 10 computers and compromised its backup system. Still, the computers were up and running quickly because the county purchased insurance, which paid the ransom, said Taylor Horst, risk management director of the New Mexico Association of Counties.

“We offer a commercial cyber liability insurance policy to our members,” Horst said. So when the attack occurred, “San Miguel County called the hotline, the carrier immediately hired a legal firm, and they immediately hired an IT forensics firm that started dealing with the bad guys on the dark web.”
