Ransomware, something most of us hadn’t heard of 10 years ago, is now such a growing problem for governments and businesses that companies exist solely to negotiate with hackers when it occurs.
And it occurs all the time. The Lincoln County School District was attacked last year, with hackers demanding money in exchange for the keys to decode the school district’s stolen data.
A ransomware attack Nov. 4 shut down technology in the district. Phone lines and internet Wi-Fi were knocked out and files on infected computers were scrambled. The district hired a company to help negotiate with the hackers. Ultimately no ransom was paid.
According to a company that sells ransomware protection services, more than 100 municipal governments and agencies were attacked in 2019. Another 764 healthcare providers and almost 90 colleges, universities and school districts were attacked.
In some cases, 911 services were interrupted, surveillance systems were taken down, jail doors couldn’t be opened remotely and medical records were inaccessible.
It’s unclear how many affected agencies and businesses paid ransoms to get their data back, but some estimates put the total financial impact at $7.5 billion for 2019.
The State Auditor’s Officer released a report last year that said many of the state’s agencies, boards, commissions and universities were susceptible to a cyber attack because they are failing to adhere to state cyber security laws.
The report found over half of all respondents are less than 75 percent compliant with state cyber security laws.
Most private businesses are likely at risk, too. The Lincoln County School District was somewhat prepared. It had cyber insurance, which paid for the companies hired to deal with the attack.
But insurance doesn’t prevent an attack.
We encourage all local government agencies, schools and private businesses to take cyber threats seriously. Given that private information is at risk, government agencies should ensure they are following state law when it comes to cyber security. We trust government agencies with Social Security numbers, birth dates, addresses — all the information needed to steal our identities. Securing that data should be a top priority.