BOSTON — School closures, car inspections stalled and emergency services communications affected; those are some of the disruptions ransomware attacks have caused in Massachusetts in recent weeks.
25 Investigates examined who is behind these attacks and whether enough is being done to thwart future incidents.
As investigative reporter Ted Daniel found, business has been good for these digital extortionists. Ransomware attacks in the U.S. have increased by 300% in the past nine months, in part because more people are working remotely.
Hackers form Evil Corp, a Russian cybercrimes organization, are responsible for ransomware attacks in 11 states, including Massachusetts, according to the Department of Justice.
Videos on social media show Evil Corp members enjoying a lavish lifestyle, including fast cars and exotic pets, presumably funded with ill-gotten money.
The FBI says a different group of Russian hackers is behind recent cyberattacks that shut down the Colonial gas pipeline. The pipeline moves nearly half the fuel used on the eastern seaboard. And you may be paying more at the pump because of it.
“The nature of these attacks does seem to be changing,” said Jane Fountain, a cybersecurity expert and professor at the University of Massachusetts-Amherst’s College of Information and Computer Sciences.
Fountain said hackers are demanding higher ransoms and stealing private data even when the ransom is paid. That data can include credit card numbers, medical records and social security numbers.
“Many criminals realize that they can try selling that data on the black market, all over the world. So they can attack operations, as well as encrypting data,” she said.
25 Investigates was the first to report that hackers took down the computer network at Lawrence City Hall last month.
Haverhill Public Schools was simultaneously dealing with a ransomware attack of its own.
Ransoms have also been demanded from or paid by the vendor that hosts the Registry of Motor Vehicles inspection network. That security failure cost repair shops thousands and temporarily allowed potentially unsafe cars on the road.
The list of ransomware attacks in Massachusetts includes: City of New Bedford, Tewksbury Police, Town of Rockport, Melrose Police, Reading municipal light department, Leominster public schools, Chicopee public schools, Nuance Communications in Burlington and UMass Memorial in Worcester.
Bruce Forman, chief information security officer at UMass Memorial Healthcare, said he had to fight a ransomware attack many years ago. It all started when an employee accidentally opened a phishing email.
“We were able to recover most of our systems from our backup copies of our data,” Forman said. “You’re trying to teach people not to click on these, these phishing emails to recognize them, and when they do when they provide the information you’re trying to identify, detect that as quickly as possible and, and turn it off.”
UMass says is it takes cybersecurity very seriously and has a team of professionals dedicated to protecting its network.
But, according to former hacker Adriel Desautels, that’s not always the case.
Desautels is the chief technology officer at the computer security firm, NetraGard. Companies hire him to find vulnerabilities or holes in their networks. And with so many people working from home due to these days, he says those have increased.
“As businesses become more and more virtual, especially with a pandemic, there’s more and more opportunity. So I think that the attacks are on the rise just because of an increase in opportunity,” he said.
Desautels says a false sense of security permeates the industry and, just like with the Colonial pipeline attack, often the threat isn’t realized until it’s too late.
“Most people are under the assumption that the security technologies that they’re buying are literal solutions. And most people also think, ‘Well, they will protect my data.’ There’s no such thing,” he added.
Just about anything with an internet connection is vulnerable to ransomware, including home computers.
Here are few things to help protect your private information: Be careful what you click, avoid files and attachments unless they’re from a trusted sender, stay away from dodgy websites, and never plug in a random USB stick.
Download the free Boston 25 News app for up-to-the-minute push alerts