N.Y. village pays ransom to regain access to hacker-encrypted files

Published 3 August 2015

The village of Ilion in central New York paid ransom twice last year — $300 and $500 — to regain access to its computers after two official-looking e-mails planted malware throughout the village’s computer system. The New York State comptroller’s office has audited 100 municipal computer systems over the past three years, and said the experience of Ilion should serve as a warning to other municipalities of the growing cyberthreat – especially attempts by hackers to infiltrate computer systems to make them inaccessible unless ransom is paid.


The big problem for the village of 8,000 was that the malware infected its financial software. “The payroll, village accounting systems, they were all locked up,” Mayor Terry Leonard said.

Syracuse.com reports that other municipal agencies across the country have also had to deal with ransomware.

In Maine earlier this year, Lincoln County sheriff’s office computers were infected and access to them was blocked. Sheriff Todd Brackett said that after several attempts by IT technicians to retrieve the records, his agency gave in and paid a ransom of about $300. The FBI tracked the payment to a Swiss bank account, but could not identify the hackers.

In Midlothian, a suburb south-west of Chicago, the village police paid a $500 ransom in bitcoin to have its files decrypted after hackers had encrypted them to block access.

Syracuse.com notes that last year Ilion officials adopted new security measures and trained staff specifically to watch out for suspicious e-mails. They have been working with the state auditors who identified various security gaps in the village’s computer networks. Leonard notes that they have not had another attack since.

New York State auditors, who investigated the Ilion case last summer, say that the first e-mail attachment encrypted all data stored in the system. A $300 ransom payment was made in January 2014 on the instructions of the hackers, by electronically transmitting the number of a prepaid credit card to a designated portal. Ilion’s technology consultant entered the card number to get the decryption keys.

The auditors found that a second e-mail led to encryption of more databases, and a $500 ransom payment in May 2014.

“These incidents should be a wake-up call to local government officials around the state,” Comptroller Thomas DiNapoli said. “While the dollar amounts were small and no vital information was disclosed, this attack shows how the lack of basic IT safeguards can potentially cost taxpayers and cripple the day-to-day operations of municipalities or school districts.”

The auditors noted that several user accounts for ex-employees had not been closed, that generic accounts were used by more than one individual, and that the village lacked a recovery plan for security incidents with backup data and was not staying current about ongoing threats.