Hackers are increasingly attacking local governments with cyber attacks for financial gain.
This week, hackers successfully infected government servers with malware in North Carolina, which prevented Mecklenburg County officials from shutting down. ] The hackers demanded $ 23,000 in exchange for unlocking the stolen files. The officers refuse to pay, which means they will have to rebuild their systems from scratch.
The ransomware attack is simply the latest hacker attack on local communities and organizations that lack the funds and resources of US corporations to defend against sophisticated cyber threats.
"It has a hugely disturbing impact on the functioning of local government," said Ryan Kalember, senior vice president of cybersecurity strategy at Proofpoint, about the attacks.
Ransomware, which has been on the rise since 2015, is a type of malware delivered through a malicious link, email or other means that seizes the victim's computer and encrypts the data, blocking the user from his system. Then, the perpetrator demands payments to unblock the information, generally made in bitcoin, a type of digital currency that has skyrocketed in value in recent months.
The threat gained mbadive public attention in early 2016, when Hollywood Presbyterian Medical Center paid $ 17,000 to hackers to unlock their networks.
Hospitals have become a popular target for hackers looking for a fast payday and recent events also point to local governments as a primary goal.
In September, officials in Montgomery County, Alabama, paid hackers more than $ 40,000 in bitcoins to recover large amounts of stolen data a week after their networks were hit with ransomware.
"You do not think about these things until they happen," said Elton Dean, the chairman of the county commission, at the Montgomery Advertiser at the time. "When you're talking about losing about $ 5 million in files, it's like an emergency situation."
Local school districts have also been victims.
A school district in Dorchester County, South Carolina, found its servers infected with ransomware during the summer, forcing officials to pay a ransom of $ 2,900 to recover the stolen information.
In September, a hacker named "Dark Overlord Solutions" attacked a complete school district in Flathead Valley, Mont., Penetrating district servers and stealing confidential data from students and staff. The hackers threatened to divulge the information if a ransom was not paid.
The attacks are drawing attention on Capitol Hill.
"They have become our opponents' favorite weapons to negatively affect Americans at home," Sen. Steve Daines Steven (Steve) David Daines Finance during the night: House approves motion to go to the tax conference – with drama | Republican leaders must consider the spending bill of December 30 | Skeptical judges banning sports betting | Mulvaney will not fire an official who sued him Next week: the house is discussed in the expense account | What's next in the tax reform? Panel to vote on candidate for president of the Fed This is a bill of taxes, not a tax reform MORE (R-Mont.), He said during a hearing of the National Security Senate on Wednesday. "We had a cyber attack at a Montana school in Columbia Falls by an actor abroad, it forced the closure of several schools, it affected more than 15,000 students."
Experts say that local governments have been disproportionately attacked because they typically lack the resources to respond to cyber incidents, making them more likely to pay the ransom.
"These types of criminals like others tend to look for low fruits, unless it is a state actor that is looking for some kind of impact," said Douglas Henkin, Washington attorney specializing in cybersecurity.
Security and cybersecurity experts strongly recommend against the payment of ransoms because it does not guarantee that hackers will return the data and could encourage new attacks.
"Please do not pay a ransom without talking to the police," said former FBI Director James Comey at a 2016 security forum  The problem is complicated for local organizations that lack copies of adequate security of their systems. They must pay a ransom or take on the arduous task of rebuilding stolen systems from the bottom up, and possibly more expensive.
In the case of Mecklenburg County, officials expect the reconstruction process to take several days. .
"I am sure that our backup data is safe and we have the resources to resolve this situation ourselves," said Dena Diorio on Wednesday afternoon. "It will take time, but with patience and hard work, all our systems will work again as soon as possible."
Possible hackers can buy ransomware kits on the dark web, which makes it easier than ever to target vulnerable organizations with this type of malware.
The application of federal law has had some success in the fight against ransomware attacks, despite the broader difficulty of tracking the perpetrators.
"Particularly when attacks become more sophisticated, it is still difficult to identify and prosecute malware senders," Henkin observed, "but there are cases in which authorities published decryption keys for certain varieties of ransomware, eliminating the need for victims of those strains to pay ransom or use other techniques to regain access to their data. "
The Department of Justice has tried to crack down on these illegal markets, closing the vast dark AlphaBay market during the summer as part of of a joint operation with authorities in the United Kingdom, the Netherlands, Thailand and several other countries.
The Department of Homeland Security, which is responsible for protecting the critical infrastructure from cyber attacks, also says it is working with the public and private sector sector to combat the ransomware threat. Mecklenburg County officials said both the FBI and Homeland Security had contacted them about the recent incident.
"We share information on timely and actionable threats and mitigation strategies to help protect networks and systems we all trust," a National Security spokesman told The Hill. "Upon request, DHS has a cadre of cybersecurity professionals who can provide technical badysis and badistance during an incident for the affected entity."
Still, experts predict that the threat of ransomware will continue to form, given the potential gains and comparatively small risk for hackers.
Some say that targets could evolve as criminals identify other vulnerable victims.
"The number of victims is likely to increase," Henkin predicted. "Although the incidents reported yesterday and today involve local governments, you are likely to see different objectives at different times because these actors are extremely opportunistic."