Ransomware



The DLS newsletter also had this article on ransomware –




City & Town is published by the Massachusetts Department of Revenue’s Division of Local Services (DLS) and is designed to address matters of interest to local officials.

Editor: Dan Bertrand

Editorial Board: Sean Cronin, Anthonia Bakare, Robert Bliss, Linda Bradley, Nate Cramer, Patricia Hunt, Tara Lynch and Tony Rassias

In this Issue:
Leveraging the Power of Data

Happy St. Patrick’s Day!

It’s now been just over a year since I began my tenure at the Division of Local Services. Having served as a local official, I interacted regularly with DLS in a number of ways over the years, combing through data, reviewing best practices, obtaining opinions from the Municipal Finance Law Bureau, and depending on Bureau of Accounts and Bureau of Local Assessment field staff to work with the finance team we had in Brookline in order to get the tax rate approved. However, it wasn’t until I came on board that I was able to appreciate the scope of work DLS is tasked with and the many ways in which we help municipalities achieve and maintain financial stability.

It is because of this combination of regulatory responsibilities, the depth and breadth of our municipal finance data, and the knowledge of our staff that I believe we have the capacity to provide significant insights and direction to municipalities that will allow them to recognize potential challenges and address them before they impact the overall fiscal health of a community.

I strongly support using data as a means to drive municipal innovation and address potential financial pitfalls and challenges, and this will be our focus at DLS in the coming weeks and months. To that end, we will provide additional tools and support best practices that utilize data. Here’s how we’ll do it.

351 Report

Still in early development, I envision this report as a way to utilize a set of standardized metrics and variables (for example, receivables, reserve levels, debt, new growth, etc.) to provide a useful snapshot of a community’s fiscal health. It will have broad utility as an information tool. As we found with the improvements to our website, particularly with our databank reporting tools, data visualizations project information in a way that can be reviewed and interpreted by a broad range of people from local officials to residents.

Increased analytic review and data analysis in City & Town

These types of pieces in our municipal finance e-newsletter take the most time and effort from our staff, but they are extremely beneficial to our partners in municipal government. Judging from past survey results, statewide trend analyses and articles that comprehensively review data are exactly the types of articles our readers appreciate. Our dedicated staff is committed to providing these types of contributions to our publication, and I thank them for that as we move forward.

Web-based tutorials

For quite some time, we’ve heard feedback from across the state regarding the need for more online tutorials and information. As part of these efforts and with the goal of one day providing a fully online version of our Assessment Administration: Law, Procedures and Valuation (aka Course 101) seminar, I’m pleased to announce that we’ve taken the initial step toward this goal with our new Proposition 2 1/2 YouTube videos. We’ll be rolling out more of these informational vignettes over the coming year, but, for now, take a look and feel free to access the videos as you see fit!

I welcome and appreciate your feedback. If you have ideas for articles and analyses you’d like to see, as always, I’d like to hear from our colleagues in local government as we go forward. If you have any comments or suggestions, please pass them along by emailing me at croninse@dor.state.ma.us. Thank you.

Sean R. Cronin
Senior Deputy Commissioner of Local Services

Protecting Your Computer Network from Malware and Ransomware
Susan Whouley – Bureau of Accounts Analyst, Kirsten Shirer-Taylor – Director of Information Technology and Tony Rassias – Bureau of Accounts Deputy Director

Maintaining the public trust is of paramount importance at all levels of government. In our digital world, this means safeguarding a tremendous amount of data – a task that is increasingly difficult, as a number of Massachusetts communities are well aware after having their IT infrastructure attacked by cybercriminals.

This article includes tips on how to protect your IT resources from cybercrime and shares one town’s experience dealing with a specific ransomware attack.

Malware

Malware, short for malicious software, is a general term for any software installed by a cybercriminal to disrupt computer operations or gain access to computer systems or information with malicious intent. Malware comes in a variety of forms (viruses, worms, trojans, ransomware, spyware, adware, scareware, and others) and is often embedded in email or disguised as a common file like a Zip file or PDF.

Recent Reports

In one well-publicized report, hackers attempted to gain access to a Massachusetts town’s finances in an attempt to transfer $4 million from its bank accounts to several overseas and domestic banks. Keylogging malware on a town computer and a deceptive phone call to a town office gave the criminals enough information to make the attempt, which was ultimately stopped by the town’s financial advisory service with no financial loss. The town appropriately responded to this event by hiring a consultant to perform a security audit of its entire IT system, after which improvements were made to both IT infrastructure and internal policies.

Another common threat is a ransomware attack where cybercriminals use email to deliver and install a malicious program like CryptoLocker or WinLocker to lock screens or encrypt and lock important files. In several Massachusetts communities, CryptoLocker infections have effectively disabled departmental or entire computer systems, sometimes including backup systems, with criminals demanding ransoms between $300 and $750 payable in Bitcoin (a form of digital currency) in exchange for unlocking the files. In most cases, after numerous unsuccessful attempts to unlock the files, the communities were forced to pay the ransom to regain access to mission-critical data. In those cases, the data was successfully restored after payment. For contrast, the story of one community that chose not to pay the ransom follows.

We’ve been hacked!

The town of Royalston discovered a notice on a town computer stating that the computer’s files had been encrypted and that a $300 ransom must be paid within 72 hours or else files would be destroyed. The attack is presumed to have begun by the opening of an infected email.

Having never been attacked by such a virus before, the town wasn’t fully prepared. The town was fortunate, however, in four ways:

  1. The computer was connected to the Internet only and was not networked to other computers in town hall;
  2. The computer was used for administrative operations and did not contain personal, financial or other critical information;
  3. A backup existed to recover the user’s email; and
  4. The town had a computer expert nearby.

Jon Hardie, husband of town tax collector Rebecca Krause-Hardie and an IT expert whose background includes serving as the Director of Technology Initiatives for the Nellie Mae Foundation, advised the town to disconnect the computer from the Internet but to leave it turned on until he arrived at town hall. According to Jon, “Ransomware sends an encryption ‘key’ to the infected computer that can unlock files after a ransom is paid. Turning off the computer deletes the key or sends it back to the hacker and any option to pay the ransom is probably lost.”

While Jon worked on the infected computer, Rebecca sent an email from her computer to all town staff warning them not to open any emails sent from anyone they didn’t know, especially one entitled “admin,” which they suspected was the source of the malware.

Town administrative officials then quickly met to determine their options. There were few: either pay the ransom and hope the files would be unlocked with no further complications or don’t pay the ransom and attempt to rebuild files.

They decided not to pay. Jon arrived with a USB thumb drive containing software designed to combat ransomware, which he downloaded and installed on the infected computer. After much time was spent, the computer’s files were successfully reconstructed.

To guard against future incidents, the town instituted the following changes:

  • New firewalls were created;
  • Antivirus software with automatically renewing licenses was installed on every non-networked town computer;
  • Additional file backups were put in place;
  • More complex passwords were required; and
  • Staff was trained in proper computer use.

In addition, Jon was hired as an IT consultant to continue the process of risk management. The Board of Selectmen added support by distributing policies concerning appropriate use of town computers and by making funds available for implementing security improvements.

Protecting Municipal Digital Assets

Protecting your computers and network infrastructure should be a group effort, because no one person or department can provide complete security against malware and ransomware. In addition to the steps taken by Royalston, DLS recommends these best practices to protect your computers and network against malware:

  • Be proactive: identify an individual or committee to spearhead efforts for improving cybersecurity, and commit to providing adequate financial, political and human resources. Don’t wait for a worst-case scenario; plan for it now.
  • Use the services of a professional IT consultant or company if you don’t have IT pros on staff.
  • Keep all computer operating systems up to date.
  • Ensure that firewalls and Internet security software are in place and kept up to date.
  • Include cybersecurity in any risk management program or exercise.
  • Develop and implement a comprehensive backup and recovery strategy.
  • Regularly test backups to make sure critical files can be successfully restored.
  • Allow users to download and install files only when necessary.
  • Educate users early and often on the importance of following “safe browsing” and other acceptable use policies.
  • Limit the use of municipal computers to municipal business. Give municipal users email accounts on the city/town domain to eliminate the need for using personal email accounts.
  • Enable the built-in security tools available in all major web browsers and keep the browsers updated.
  • If the worst does happen, alert local law enforcement so steps can be taken to try to identify the criminals.
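An added example (not part of the DLS article): one way to carry out the restore test recommended in the list above, written in Python. It records SHA-256 digests of the files when a backup is made, then compares them against a trial restore and reports files that are missing, changed, or unexpected. The folder and file names are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest.
    Run at backup time and keep the result off the backed-up machine."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Compare a trial restore against the manifest taken at backup time."""
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "changed": sorted(n for n in manifest
                          if n in restored and manifest[n] != restored[n]),
        "unexpected": sorted(set(restored) - set(manifest)),
    }

def demo() -> dict:
    """Constructed sample: one file restores intact, one comes back altered,
    one is absent, and one file appears that was never backed up."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for root in (live, restored):
            (root / "assessor").mkdir(parents=True)
        (live / "assessor" / "abatements.csv").write_text("parcel,amount\n12-3,150.00\n")
        (live / "tax_rate_recap.txt").write_text("recap draft\n")
        (live / "warrant.txt").write_text("town meeting warrant\n")
        manifest = build_manifest(live)
        (restored / "assessor" / "abatements.csv").write_text("parcel,amount\n12-3,150.00\n")
        (restored / "tax_rate_recap.txt").write_text("\x00\x00garbled")
        (restored / "unexpected_note.txt").write_text("not in the backup set")
        return verify_restore(manifest, restored)

if __name__ == "__main__":
    print(demo())
```

A restore passes only when all three lists come back empty; any entry under "changed" or "missing" means the backup could not reproduce that file.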

Read More about Malware, Ransomware and Related Topics

FBI Cyber Crimes Stories
New E-Scams and Warnings

File an Internet Crime Complaint

Taking Steps to Protect Privacy and Control Losses

The authors would like to thank Jon Hardie and Rebecca Krause-Hardie of Royalston for their contributions to this article.
