At first glance, it seemed like a normal email. The subject line read simply “Postal Service Notification.” But after one Clarkfield city employee accidentally opened the attached file, it became quickly obvious that it was no ordinary email.
“It was a crypto virus that spread through our mapped drive, ransoming all files that it could attach to,” said Deputy City Clerk for Clarkfield, Teather Bliss. In a matter of seconds, the virus had encrypted every single file stored on the infected computer, effectively locking the computer. Additionally, the virus froze files shared with other computers in the office.
The cyber attack targeting Clarkfield’s municipal government is just the latest in a string of malicious crypto viruses plaguing computers systems all over the globe. Common viruses like WannaCry and Petya are responsible for targeting everything from small businesses and personal email to government agencies and large corporations.
So, what are crypto viruses? In a nutshell, it is a computer virus that forcibly encrypts folders, thus changing the code and making them inaccessible to the user. The virus is usually sent to the victim in an email (often disguised to look authentic or official). When the victim opens an attachment, it releases a malware that encrypts personal files on the computer. Because only the attacker knows the cipher to decrypt the files, the victim is powerless to stop the virus. Sometimes, attackers send ransom notes demanding payment in return for regaining access to locked files, which is often paid in bitcoins (an electronic currency used to make the attacker untraceable).
While crypto viruses have only recently become a topic of interest among the general public, it is much older than many people realize. Early versions of the virus were first developed in the late 1980s (although the malicious encryptions proved easy to break). While later viruses slowly became more effective, their popularity among hackers took off with the development of electronic money in the late mid-2000s which facilitated payments while shielding attackers.
Many large companies and governments are usually well insulated from these attacks, but smaller entities and private citizens are the most vulnerable. Growing awareness of the threat is helping small organizations become better prepared. According to the Ponemon Institute’s annual security tracking study, spending on IT security for small companies has increased from 4.9% in 2010 to 7.9% last year.
Immediately after the attack, the Clarkfield city office contacted their software company, Banyon Data Systems to alert them of the breach. Thankfully, the company was able to retrieve information saved to their site backup. “Fortunate for us, we only lost a week of information [...] which is minor to what could have happened,” said Bliss.
After restoring the saved data, the city office was able to work with their local IT person, Dave Rupp, to “truly identify the problem and assess what could be done to correct the problem and mitigate the risk in the future,” Bliss said. Rudd assured Bliss that no data was taken from the computers by the virus. Rudd also cleaned the hard drive, permanently ‘deleting’ the virus from their system and ensuring the system could restart safely.
For the city of Clarkfield, like many other small entities across the world, the recent viral attack has been an important learning opportunity. Asked how things are changing, Bliss said that “staff is making sure that they pay very close attention to suspicious emails and to not open anything they are unsure about.” She also added that the office was adding a new computer to house a copy of the office drive (in case another attack ever succeeded in wiping the office computers).
Bliss hopes that others in the area are preparing themselves for future threats. She wants others in her position “to be aware of suspicious emails with attachments,” adding that “if there is any hesitation on what the email could contain the best option is to just delete it.” Another important tip she has for others is to back up information in an external hard drive. While we cannot change the realities of living in an age of computers and technology, we can take small, common-sense, steps to protect our information from potential threats.