Snoqualmie IT director discusses Duvall hack, how to protect your own data

Published 10:57 am Wednesday, April 20, 2016

While the recent hacking of a Duvall Fire District computer resulted in the city of Snoqualmie having to pay a $750 ransom, it could have been worse. A lot worse.

“This was not a targeted attack because the ransom would have been much higher,” said P.J. Rodriguez, information technology director for the city of Snoqualmie.

“Just about a month ago an L.A. hospital paid about $40,000 for their data. This happens a lot.”

In late January 2016, an administrative staffer at Duvall Fire Protection District 45 opened a fake invoice email that encrypted all of the files on the computer, locking away important information and holding it for ransom.

When the computer was infected, the fire district called Snoqualmie. The fire district contracts with the city of Snoqualmie’s IT department to provide technical support on a month-by-month basis.

Snoqualmie IT visited the fire district’s office and did some verification and forensics to find out what had happened.

“We realized this was a ‘cryptolocker’ event,” Rodriguez said. “It’s a nasty virus and there is no good defense mechanism against it, it’s not your typical virus. If you get sick, we have vaccines, there is a specific strain and a pattern you can look at and vaccinate. Cryptolocker is different; it takes many forms, it could be a simple executable (file), a website that you had no idea was infected, it could be an ad that shows up.”

The IT team spent two days looking for recovery methods for the lost data. There were no recent backups available because the fire district was in the middle of transitioning to a new system.

Snoqualmie’s IT team was able to decrypt some files, but the majority of what was lost could not be recovered.

The only option left at that point was to pay the ransom, specifically in bitcoin as stated by the cryptolocker.

“This was a conundrum, it was a first for us, we were not familiar with how to get bitcoin so we did research,” he said. “We had to purchase tokens which we then redeemed online which gets translated to bitcoin… then we transferred it to their bitcoin wallet.”

While having backups and anti-virus software is very important, the last line of defense is the user. Being diligent with unsolicited email and staying informed on how these things happen can make all the difference.

For the average user, Rodriguez said, taking these steps can be vital to protecting your information.

“I think one of the biggest things is you really have to be suspicious of unsolicited email, emails asking you to do things. If it’s asking you to do things like provide information and remove certain settings, your own applications will give you warnings, usually you have to be cautious,” he said.

“Sometimes it can take the form of something very legitimate looking. The email address is what you have to look at, if it comes from a domain that doesn’t look familiar, that’s being spoofed and you have to stop and delete the email.”

“If any email is suspicious, just delete it. Spammers or people sending viruses are not going to email you back,” he added.