Ransomware Attacks Hold Websites Hostage

By Brenda Flanagan

Pirates hacking on the high seas of Internet traffic recently took the Washington Township Chamber of Commerce website hostage. They locked the Chamber out and held their site for ransom, says President Robert Timmons.

“A doomsday countdown clock with the instructions that we were to pay $500 or lose all the information on our website. I immediately called our webmaster. And his recommendation was if we didn’t have the material saved, then just pay the $500 and be done with it,” he said.

“We’re hearing about ransomware attacks right now, couple times a week. Couple of times a week throughout the state, again, from various businesses, all shapes and sizes,” said David Weinstein.

Weinstein is director of cybersecurity for New Jersey’s Office of Homeland Security. He’s logged dozens of these cyberattacks in New Jersey over the past year — ambush attacks by several different ransomware agents. He says victims click an innocent-looking link and get shanghaied — their systems frozen — by ransomware demanding payment in Bitcoins. Weinstein explains, pirates prefer certain targets.

“The common denominator is, they’re digitally-dependent, they have lots of data, and they have the means to pay out. These attackers are pretty smart. They’re going to target the folks who are most likely to pay out,” he said.

Among the most-preyed-upon: lawyer’s offices, brokerage firms, accountants, chambers of commerce and medical facilities.

This month, Locky ransomware hit LA’s Hollywood Presbyterian hospital, which paid more than $17,000 to regain control of its computers.

“It basically shut down Hollywood Presbyterian for a week. They couldn’t use their systems. All it takes is one employee to open up a file that they shouldn’t open,” said Art Gross.

Internet security expert Gross says Microsoft estimated ransomware infected more than 850,000 systems last year.

But Hollywood Presbyterian made headlines.

“It’s a wake-up call because it’s very high-profile. Ransomware has been happening, but it’s been happening to users at home and small businesses. This is one of the first cases of a very large organization being a victim of ransomware,” Gross said.

Web experts say most ransomware victims don’t want negative publicity, so they pay up and shut up. That may not be their best defense.

“We’ve done a lot of analysis on this topic. Our assessment is this is going to be an enduring threat. It’s important for business owners to stay up to date with the latest trends,” Weinstein said.

Fortunately, Washington Township’s Chamber of Commerce had backed up its files so it created a whole new website and refused to pay the ransom.

“You cannot negotiate with terrorism — at any level, any shape, any amount,” said Robert Timmons.

Experts say for now it’s extremely hard to catch these international hackers. So companies should use the most up-to-date anti-viral software and warn employees to check very carefully before they click.

For more information and to seek assistance, visit New Jersey’s Cybersecurity website.