According to state auditors, a village of 8,000 in central New York made ransom payments of $300 and $500 in 2014 to keep its computers running. The payments were demanded after several official-looking emails released malware throughout the villageís system.
The results of the audit of 100 municipal computer systems by the comptrollerís office in the past 3 years showed that this incident should warn others of the growing threat, which can infiltrate computers and make them inaccessible. Apparently, the largest problem for the village was its financial software, because the payroll and village accounting systems were locked up after the hack.
The problem is that other agencies across the US have also dealt with ransomware. For example, in Maine this year, one sheriffís office machines were infected and held hostage until the agency paid a ransom of about $300. The Federal Bureau of Investigation helped track the payment to a Swiss bank account, but identities of the hackers were not revealed. Another case mentions suburban Chicago, where the village police paid a $500 ransom in Bitcoin (which is virtually untraceable) to also get their files unencrypted.
As for the latest case, the first email had an attachment, which, once opened, converted all data stored in the system into an unreadable encrypted format. Hackers demanded a $300 ransom payment and the village complied, entering the number of a prepaid credit card to a portal specified by the hackers to get the decryption keys. Another email led to more encryption and a $500 ransom payment a few months later.
Since then, the village officials have endorsed new security steps: they trained employees specifically on looking out for suspicious emails and cooperated with the auditors to identify various security gaps. Now they seem safe.
However, the comptrollerís office said that these incidents should be a warning to local government officials. Despite the fact that the dollar amounts were small and no important information was lost or leaked, they show how the lack of basic computer protection can potentially cost taxpayers and threaten the operations of municipalities. The security experts pointed at lack of a recovery plan for security incidents with backup data and staying current about ongoing threats.