A central Pennsylvania newspaper’s production was hit by ransomware, locking files critical to the printing of their daily edition.

A similar disabling attack targeted a major broadcasting company.

With downtime factored in, ransomware cost US companies US$20bil last year, according to the Department of Homeland Security. It raised gas prices after the nation’s largest fuel pipeline was hacked, and in one lawsuit filed in Alabama, a hospital suffering from a ransomware attack is being blamed for the death of an infant, NBC News is reporting.

Ransomware schemes target just more than businesses - police departments, hospitals and individuals have all fallen prey to the insidious attacks carried out not just by individual hackers, but by criminal organisations, too.

“It’s become a business model. They have people on payroll,” Arielle Baine, cybersecurity advisor with the Department of Homeland Security’s Cyber and Infrastructure Security Agency, said about cybercriminal groups. “This is concerning. It’s one of the things that keeps me up at night.”

And it’s become much more sophisticated.

“Initially, ransomware attacks were where a user might click on a link in a phishing email, which is still very prevalent, but now it’s advanced, like with Colonial Pipeline attack,” said Bruce Young, who leads the cybersecurity operations and control management program at Harrisburg University. “The bad actors actually hacked in or penetrated the Colonial Pipeline’s network, then used ransomware to encrypt and take their data hostage.”

It’s a problem that has only gotten worse during the pandemic. Last month, we had a local example.

LancasterOnline reported that a ransomware attack hit the news organisation’s owner, Steinman Communications. The attackers demanded the company pay an undisclosed amount of money to unlock files critical to the printing of their daily LNP paper and its weekly papers.

The news organisation’s operations were significantly hindered after the Sept 30 attack, and recently, they thanked their readers for their patience and support as they painstakingly rebuilt their systems from the cyberattack.

Similarly, Sinclair Broadcasting was hit by a major cyberattack last month, leaving the company scrambling to restore its system, CNN is reporting.

While the company said all of its stations and regional sports networks were on the air and that network shows and major sports programming were being broadcast, reports indicate the attack impeded the production of many local newscasts, leaving staffers with no email, phones, file video or graphics.

On a larger scale, the Colonial Pipeline hack in April resulted in fuel shortages across the East Coast and showed just how damaging these attacks can be. This particular hack was the result of a single, compromised password, Bloomberg is reporting.

“It’s a wakeup call to take this threat seriously,” Baine said.

Changes during the pandemic may have fuelled the increase in ransomware events, which Young said increased 700% in 2020.

“When we all started working remotely, it happened so quickly that some organisations didn’t have the necessary infrastructure to support their employees working from home,” Young said. “Some people might have been connecting to company computers with home computers.”

These home computers could have been exposed systems that are now connecting in remotely to their employers’, setting the stage for some bad actors to move in and attack, Young said.

While organisations like the Department of Homeland Security are endlessly trying to combat the problem, even the best efforts fail at times.

“As cyber defenders, we have to be right all of the time,” Baine said. “These attackers only have to be right once.”

There are some steps that can be taken to try to prevent attacks, according to experts.

The first is for businesses and individuals to ensure they have a strong cybersecurity strategy in place to defend against threats, Young said, adding that threat-detection capabilities are built into many security controls, like firewalls.

“The threats go beyond just ransomware,” Young said. “To protect organisations from bad actors, you have to have detection mechanisms in place so that if someone is trying to break into your environment, you are alerted and you know your protection mechanisms are working, and if there is a failure, you want to be able to react and recover.”

Some of the most vulnerable businesses are the smaller or medium-sized companies that may not have their own cybersecurity teams. But Young said these services can be outsourced, or a security expert can be brought in to do an assessment to identify any potential gaps in security.

Another key, Young said, is backing everything on another storage device. With today’s technology, it’s also possible to take a “snapshot” of your files, he said, and as long as the ransomware does not impact the snapshot, your files can be quickly recovered.

Businesses should work with their Internet service providers, too, and understand what kind of security services they provide.

The Department of Homeland Security officers a website with additional tips and useful practices.

They also make these recommendations:

- Regularly maintain offline, encrypted backups of data and regularly test your backups,

- Update software and install patches,

- Run up-to-date antivirus software,

- Use strong passwords. A password manager is a great tool to help track and create strong passwords,

- Implement multi-factor authentication, where you log in using a password and something else - like a code texted to your phone - to verify it’s really you,

- Install and enable a firewall.

The department also recommends being on the lookout for these top signs of phishing schemes, where bad actors send emails or other messages asking you to click on links or provide information that can compromise your security:

- Suspicious sender’s address that may imitate a legitimate business,

- Generic greetings and signature and a lack of contact information in the signature block,

- Spoofed hyperlinks and websites that do not match the text when hovering over them,

- Misspelling, poor grammar or sentence structure, and inconsistent formatting,

- Suspicious attachments or requests to download and open an attachment.

 - TNS