0 comments
[UPDATED] When the 911 system went down in early June, Pasadena officials feared the city was the victim of a hack or a ransomware attack that could block them out of the system and leave local residents without access to emergency police dispatchers.
Later, it was determined the phone carrier could have experienced a problem that impacted the city emergency response lines.
High-tech ransomware attacks are becoming the new wave of terrorism.
Over the holiday weekend, hackers believed to be operating out of Russia infected more than 1,500 organizations around the world, according to cybersecurity experts.
Ransomware is a computer virus designed to encrypt files and lock organizations out of their computers. After the virus takes hold, typically someone guarantees to remove it for a ransom, with payment demanded in cryptocurrency.
“We have very robust security in place in our IT division,” said city Public Information Officer Lisa Derderian. “Every city employee has to go through ongoing cybersecurity training. That’s mandated.”
According to Eric Schlissel, CEO of GeekTek, the problem is most companies don’t take the steps that Pasadena has taken.
“The real problem is most business owners don’t care. They don’t want to hear about best practices,” Schlissel said. “They want to hear about keeping their business up and running.”
Often the perpetrator will threaten to release sensitive information, which is what happened in Azusa — twice. In March, the department released a statement admitting that the Police Department had been locked out of its system twice by ransomware.
“Azusa police immediately contacted its law enforcement partners and began working with third-party specialists to determine the source of the incident and extent of systems affected,” the department said in its release.
The department was able to make emergency systems operational, refused to cooperate with the cybercriminal and did not pay any ransom.
The department discovered that Social Security numbers, driver’s license numbers, California identification card numbers, passport numbers, military identification numbers, financial account information, medical information, health insurance information, and/or information or data collected through the use or operation of an automated license plate recognition system were compromised during the attack.
The Pasadena City Council recently approved the purchase of a mobile command unit that would allow the Police Department to maintain emergency lines in the wake of a ransomware attack.
In the attack last week, cybercriminals attacked Kaseya, a software company. The attack behaved like a hierarchy, starting at the top of the chain and trickling down to servers containing the software.
“The City of Pasadena does not use Kaseya VSA software either directly from Kaseya or through a third-party managed service provider, and therefore is not impacted by the recent events involving Kaseya VSA software,” said Phillip Leclair, who serves as the city’s chief information officer in the IT Department.
That type of attack could leave millions if not billions of people without Internet, cell phone and banking services. Making matters worse, many people now bundle services, which could make them more vulnerable.
Also, smartphones and TVs regularly download updates which could allow a virus into their devices.
“In the future, what we’re going to see are more centralized management platforms that make lives for people like us a lot easier, but then there is the single point of failure,” Schlissel said. “If one of them is attacked, then it will trickle down into all of the different businesses that it reaches.”
But even worse, ransomware is becoming a profitable business.
Hackers in the Kaseya VSA lockout are demanding $2 billion in bitcoin payments.
In an attack on the Colonia Pipeline, hackers received $2.3 million in bitcoin in exchange for access to the pipeline’s infrastructure. Lawmakers later recovered the funds.
“The issue once ransomware came out was that we monetize an attack platform,” said Darrin Johnson, senior management consultant at GeekTek. “So now we made it profitable and created a business model for this to happen. Once that happened, it opened the floodgates.
“So, as soon as we started paying large sums of money to keep our data and get our data back and not have to tell people that our data was leaked, it set a precedent for us to open the flood gates. And then the numbers are going up dramatically,” Johnson said.
Johnson recently told a client that was dealing with a ransomware attack at a small business with 25 employees and five servers. He was probably looking at a ransom in the $500,000 to $700,000 range.
“The ransom came in at $775,000. A year ago, or two years ago, those numbers would have been down in the 50, 60, 70,000 range. It’s just astronomically growing because it’s a profitable market space.”
Get our daily Pasadena newspaper in your email box. Free.
Get all the latest Pasadena news, more than 10 fresh stories daily, 7 days a week at 7 a.m.
