About Adam K Levin | Contact | Videos

Alabama ransomware attack: think before clicking on emailData Security


Share

Last week, if you wanted a vehicle tag or a license in Montgomery County, Alabama, you were out of luck.

Hackers request bitcoins Hackers knocked many county computers offline with a ransomware attack, local officials say. The probate office took the worst of the attack, which hit late Monday, so business licenses, marriage licenses, and vehicle tags were all unavailable. (Driver’s license systems were not impacted.) So was the county sheriff’s website.

We noticed the system was acting up at about 4:55 p.m. Monday, and this morning we were locked out. That’s when we were given a ransom. They said they wanted ‘bitcoins,’” Hannah Hawk, manager of public affairs for Montgomery County, told the Montgomery Advertiser. “Due to the attack, the county’s system has been locked up, and services the county provides will be impacted.”

In what may or may not be a related incident, security firm Barracuda Networks said it was monitoring widespread ransomware attacks that began last Monday. The firm says it detected some 20 million booby-trapped emails laced with ransomware during a single 24-hour period; an update says a total of 27 million emails have been captured.

These attacks are wrapped in either an Herbalife-branded email or a generic email that impersonates a ‘copier’ file delivery,” Barracuda said.

Emails come from around the world

A majority of the emails originate in Vietnam, the firm says, but some also are sent from computers in India, Colombia, Turkey and Greece.

As is typical in a ransomware attack, victims who are tricked into opening the attached file can have their files encrypted and must pay the attackers to restore those files.

Consumers should never open unexpected attachments, even if they appear to come from friends or trusted companies.

Small government agencies in cross-hairs

Local government computer systems are a favorite target for hackers; many smaller agencies have fewer resources to keep security systems up to date. There were several similar incidents in Ohio last year. One county’s court systems were locked, and the agency ended up paying $2,500 to restore them, for example. The problem got so bad that Ohio Auditor of State Dave Yost actually held a news conference urging local governments to stop falling for the scams.

We’re not the first entity to go through this. We are working diligently to get things restored,” said Lou Lalacci, Montgomery County’s chief information and technology officer, to MontgomeryAdvertiser.com. “No personal information has been compromised.”

This article originally appeared on ThirdCertainty.com and was written by Bob Sullivan.