PBSC seminar educates crowd on dangers of ransomware
One of the most damaging cybercrimes for businesses to fall victim to is ransomware, according to a United States Secret Service representative who spoke anonymously at Palm Beach State College as part of National Cybersecurity Awareness Month.
“Even smartphones can be encrypted with ransomware, and I believe we are going to see more and more of that,” the representative told the crowd of more than 100 at a seminar titled “Cybersecurity is in your hands. What are you going to do with it?”
Held every October, National Cybersecurity Awareness Month is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity. The College uses the time to invite experts to come and educate students, staff and the public on how they can help protect themselves and their organizations from costly cybersecurity attacks.
The Secret Service representative noted that around $1 billion in ransomware payments is made in the U.S. per year and that the average downtime cost for each victim company is $64,000.
Even though such payments are made, the U.S. Secret Service does not recommend paying.
“There is no guarantee that you will get your data back,” the representative said. “I’ve seen people pay the money and not get anything back, and I’ve seen people pay and the bad guys just ask for more to string their victims along. In addition, when you pay it just gives them more money to keep doing what they are doing.”
He said that this year five Florida municipalities have fallen victim to ransomware, including the city of Stuart in April. One of its employees, Detective Sgt. Michael Gerwan of the police department’s criminal investigations division, told the audience about the damaging effects of the attack.
“We entered into hell at the city of Stuart,” Gerwan said. “People went home one day and they came back to work and we were back in 1984.”
According to Gerwan, the city had no internet and no access to its files. Officers were investigating calls with no information and couldn’t run reports for warrants, issue citations or communicate with other agencies. They lost about two years of digital evidence.
“Imagine you are a victim of a crime and the police department that you call can’t even help you,” Gerwan said.
He explained that the city was compromised through an email phishing scam, which the Secret Service representative said is the most common attack.
“Over 90% of successful cyberattacks begin with a spear phishing email,” said Guy Albertini, PBSC information security officer. “This type of email is more targeted because it deceives the recipient into thinking it’s coming from someone they know.”
Even though the attack was devastating to Stuart, city officials decided not to pay the $300,000 ransom.
“We were already in the process of replacing our servers, so our city manager, who was a former police chief, believed he could tackle the problem instead of paying the ransom,” Gerwan said.
Since the attack, the city has changed a lot of its policies to help ensure another one doesn’t happen. According to Gerwan, city employees are no longer allowed to check their personal email, visit their personal social media sites or plug a personal thumb drive into their computers while at work.
Gerwan also noted that after the remediation, some of the city’s business partners treated them like the plague. They did not want to receive any digital communications from them for fear that they could be infected as well.
In addition to hearing from the Secret Service representative and Gerwan, participants in the third annual event, held Oct. 16, also heard advice from and were able to ask questions of a panel of PBSC cybersecurity professors and staff, all of whom encouraged those in attendance to be more proactive in protecting themselves.
The Secret Service representative also provided the following tips:
- Employ a data backup and recovery plan for all critical information and back up your data on a regular basis. Ideally, this data should be kept on a separate device and stored offline.
- Update software and operating systems with the latest patches. Out-of-date applications and operating systems are the low-hanging fruit for most malicious actors.
- Restrict users’ abilities and permissions within your organization. Some organizations make everyone a system administrator, which is not a good practice: if the criminals get into that system, they can do whatever they want.
- Remind employees to never click unsolicited links or open unsolicited attachments.
- Remove Windows Remote Desktop Protocol (RDP) or strengthen it by putting it behind a Virtual Private Network.
- Look into cyber insurance. However, it can be costly. Read your policy carefully, as some insurers consider ransomware to be an act of war and will not cover it.
- If infected, hang on to your infected hard drives. Hopefully, within a year or two a decryption tool will be available for you to get your data back.
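The first tip, an offline backup and recovery plan, only pays off if the offline copy is checked before it is trusted for a restore; Stuart's two years of lost evidence is the cost of finding out too late. The following Python script is an added example, not material from the seminar or the article: it records a SHA-256 manifest when a backup is taken, and before restore re-hashes every file against that manifest, flagging changed files whose near-maximum byte entropy is typical of encrypted content and listing files that were not part of the original backup. The file names, the sample contents, the simulated overwrite and the 7.5 bits-per-byte entropy threshold are constructed assumptions for the demonstration.

```python
"""Verify an offline backup set against a recorded manifest before restoring.

Added illustration (not from the seminar): the manifest is written when the
backup is taken and kept with the offline copy. Before a restore, every file
is re-hashed and compared; files that changed are also checked for the high
byte entropy that encrypted data shows, and files absent from the manifest
(such as a dropped ransom note) are reported as unexpected.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hex SHA-256 digest of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty data, at most 8.0."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def build_manifest(root: Path) -> dict:
    """Map each regular file (path relative to root) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(root: Path, manifest: dict, entropy_threshold: float = 7.5) -> dict:
    """Compare the files under root with the manifest taken at backup time.

    Returns a report with intact, modified, missing and unexpected paths, the
    modified files whose content looks encrypted, and an overall ok flag.
    The 7.5 bits-per-byte threshold is an assumed value for this example.
    """
    report = {"intact": [], "modified": [], "missing": [], "suspect_encrypted": []}
    current = build_manifest(root)
    for rel, digest in manifest.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] == digest:
            report["intact"].append(rel)
        else:
            report["modified"].append(rel)
            if byte_entropy((root / rel).read_bytes()) >= entropy_threshold:
                report["suspect_encrypted"].append(rel)
    report["unexpected"] = sorted(set(current) - set(manifest))
    report["ok"] = not (report["modified"] or report["missing"])
    return report


def demo() -> dict:
    """Constructed scenario: take a backup, then overwrite one file with random bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "evidence").mkdir()
        (root / "evidence" / "case-001.txt").write_text("constructed witness statement\n" * 20)
        (root / "warrants.csv").write_text("id,name\n1,constructed sample\n" * 20)
        manifest = build_manifest(root)  # recorded when the backup was taken

        # Simulate ransomware rewriting a file in place with ciphertext-like bytes
        # and dropping a note alongside the data (both constructed).
        (root / "warrants.csv").write_bytes(os.urandom(4096))
        (root / "README_RESTORE.txt").write_text("constructed ransom note placeholder\n")
        return verify_backup(root, manifest)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In practice the manifest itself must be stored with the offline copy, not on the file server it describes, or an intruder with the same access that encrypted the data can rewrite it; a restore should proceed only when `ok` is true and `unexpected` is empty, and any `suspect_encrypted` entry means that copy was taken after, not before, the encryption began.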
Ransomware is so prevalent that PBSC decided to make it part of its annual cybersecurity awareness training, which all employees are required to complete by Nov. 15. According to Albertini, student training is also being developed. For more information on cybersecurity at PBSC, visit www.palmbeachstate.edu/cybersecurity.