One morning last month, employees at Truman Medical Centers in Kansas City got locked out of portions of their own computer system.
That came more than a year after Blue Springs Family Care confirmed it had been hit in May 2018.
Both had been hit by ransomware, a form of cyberattack in which malware locks up a computer or computer system, which can severely hamper an organization's operations. The hackers then typically demand a ransom, often paid in Bitcoin or another cryptocurrency to avoid detection, before they unlock the computer system to allow access again. Cities, school systems and national and global companies have all been hit.
While ransomware attacks have been going on for a few years, says Brian Hurley, director of the nationally recognized cybersecurity program at Metropolitan Community College-Blue River in Independence, “you're hearing more about it now because attackers are figuring out some people are willing to pay.”
Whereas many cyberattacks have been about stealing information or access to that information and then using that to steal other people's money, ransomware attackers seek another route to cash, preying upon an organization's need for the information they're locked out of.
“They're not always seeking data, but rather can they (the company) pay,” Hurley said. “You know that a hospital's got to act quickly; that's vital information.”
With Truman Medical Centers, the hacker did not hit the area where patients' personal health and financial information was housed. The medical group said patient care was not affected that day.
In a statement, TMC said it worked with a third-party negotiator, its cyber insurance carrier and outside cyber counsel to pay an undisclosed amount of money for affected programs to be unlocked – money covered by insurance.
Blue Springs Family Care's attacker gained access to thousands of patient records, but apparently didn't use the information. And Blue Springs Family Care didn't pay the ransom; instead it regained access through a backup system.
Beyond those local examples, the cities of Baltimore and Atlanta have suffered prominent attacks in the last 18 months. City employees didn't pay the ransom in either case, but Baltimore has spent about $18 million and Atlanta $17 million to recover data and build up cybersecurity after the fact.
“They're not just after money; they're out to do destruction,” David Evans, chief information officer for Kansas City and a member of a regional cybersecurity task force, told the Independence Chamber of Commerce this week. “(Those cities) were devastated.”
A spokesperson for the FBI office in Kansas City said she couldn't divulge how many such cases local investigators are working, but it's fair to presume there are many offices around the country working a ransomware case.
“The FBI as a whole across 56 offices have significant cases, and we have received calls (about ransomware),” Bridget Patton said. “No one is truly immune from this. It's growing; it's evolving, there's different deployment methods and growing distribution. Every office has cybercrime squads.”
How it starts
Like many cyberattacks, ransomware can hit through just one computer and quickly spread.
“It can be as simple as someone sending an email and the link is infected,” Hurley said, “and then it gets into the network and starts encrypting files and locking them.
“The reason they are using that is everybody uses email,” he said. “Human behavior is the No. 1 weakness that leads to this.”
Evans said the top two causes he sees are employee exploitation and vulnerable systems.
Expert hackers, he said, “are checking windows and doors, finding the open door.”
To illustrate how rapidly such an infection can spread, Evans mentioned a global shipping giant, Maersk, which got hit by malware intended for another target.
“Anything of theirs around the world was compromised in about eight minutes,” he said.
Hurley said some people might advise a company to simply pay the ransom, as recovering data on your own could cost even more.
“(They say) there's nothing you can do about it, and it's completely anonymous,” he said. “You have the option of trying to clean your files, ignore it and hope you have backup and you can start isolating the computer.”
Then, Hurley said, you have to identify the type of malware involved, which usually requires a consultant. After that, you contact the FBI and then either pay the ransom to have it unlocked or restore the system.
Can you avoid it?
Patton said there's “no perfect solution” against ransomware, but the best methods for countering it are part individual and part company-wide.
People should use the most current and updated versions of operating systems on their computers and have employee awareness training, she said, and employees should learn to be skeptical of emails and links that don't appear normal or come from an unknown sender.
Hurley calls it practicing “good cyber hygiene.”
“(Computer) users have to be trained on good practices,” he said, “and you have to have a disaster recovery plan and be confident you can completely restore with a backup.
“Large companies go through scenarios like this, but 75 percent of small businesses don't have a backup plan. Have your data backed up, that you know with certainty you can restore it.”
Hurley said one way Truman Medical Centers helped itself was by segmenting computer systems, so that one hack didn't bring everything to a halt. When the retail chain Target got hit by hackers in 2013, it had its HVAC, electrical and point of sale systems all in one area.
“That's like running your supply lines and sewage through the same pipe,” he said. “It's not going to end well.”
City of Independence spokesperson Meg Lewis said the city doesn’t comment on specific defensive measures for network security, but it does “continually monitor threats against the city’s system.”
The bottom line, Hurley said, is that nobody can afford not to have some safeguard and/or disaster plan in place for such an attack.
“We're going to see it continue to grow,” he said. “Nothing's 100 percent secure. You can have all your doors and windows locked and still get a burglar.”