Month: April 2019

Albany, NY, is coping with a ransomware attack

Originally seen on: April 6th, 2019 by Kevin Collier

(CNN) When Albany, New York, patrolman Gregory McGee went to work last Sunday morning, he got the unpleasant news that hackers had rendered many of the internet-connected tools he relied on for work inoperable.

“We were crippled, essentially, for a whole day,” McGee, who’s vice president of the Albany Police Department’s union, told CNN.
“All of our incident reports, all of our crime reports, that’s all digitized,” McGee said, which meant cops had to write down everything that happened on paper. They showed up to work and had no access to staff schedules.
“We were like, who’s working today?” McGee said. “We have no idea what our manpower is, who’s supposed to be here.”
The cause was a ransomware infection that hit the City of Albany last Saturday. Ransomware is malicious software that spreads across a network, encrypts files, renders computers inaccessible and demands a fee to go away. The city had recently taken over management of most of the police department’s networks.
City Hall itself experienced a number of municipal service interruptions, too. Albany residents were told to go elsewhere to get birth certificates, death certificates or marriage licenses. Some residents complain that building and development applications haven’t been available via the city’s website, Councilwoman Judy Doesschate told CNN.

What ransomware does

Ransomware is fundamentally an extortion scheme: it encrypts computers and demands a fee to unlock them. In recent years it has become one of the most prominent problems in cybersecurity. It’s often deployed by criminal hackers simply seeking money, though the US has said the two most infamous strains, WannaCry and NotPetya, were authored by the North Korean and Russian governments, respectively.
That the ransomware hit on a Saturday is likely no coincidence, said Kelly Shortridge, the vice president of strategy at Capsule8, a New York cybersecurity company.
“By infecting an organization with ransomware on a weekend, defenders are more likely to be at a farmers market than looking at their security command center,” Shortridge said. “The heightened sense of panic and scrambling may lead to defenders being more willing to pay out higher costs for the decryption keys, as well.”
Albany declined to share additional details, including what type of ransomware it’s facing and whether it’s hired a third-party company to mitigate the problem, but a spokesperson for the New York State Office of Information Technology Services told CNN it is assisting.
There’s no indication yet who may have deployed the attack, and there are a number of active groups that use ransomware to extort funds. There is precedent for the US accusing individuals of infecting cities with ransomware, however. In November, the US Department of Justice charged two Iranian men with a campaign of targeted ransomware attacks whose more than 200 victims included hospitals, municipalities and public institutions, including the cities of Atlanta and Newark, New Jersey.

After the initial Albany hit

Things started to get better after the beginning of the week. On Monday afternoon, police were able to digitally file incident reports again. A spokesperson for the Albany Police Department said the department “has remained adequately staffed since the attack and there was never an interruption in police services to our community,” but declined further comment.
By Tuesday, the city was able to process marriage licenses again.
Birth and death certificates, however, are still unavailable from City Hall. As of the first week of the attack, at least 17 people from Albany had contacted the State Department of Health instead for birth or death certificates.
And the police department’s scheduling program was still unusable. McGee, scheduled to teach a safety class Friday, didn’t know who he would be teaching.
“Nobody knows who has training today,” he said. “We have no idea who’s actually going to be there.”
Doesschate, the councilwoman, told CNN that while the ransomware has been an inconvenience for constituents who haven’t been able to access certain information online, the inconvenience was relative.
“Up until about 2 1/2 years ago, this information was not regularly posted online,” she said. “It is disappointing and a bit frustrating, but in the scheme of things, not horrible.”