The city of Nevada did everything right in June of this year, when a hacker trying to hold city files for ransom was detected quickly and dealt with swiftly.
Cathy Jager, administrative assistant with the Nevada Police Department and who also helps out with a lot of the city’s computer issues, and Craig McClanahan, owner of Computer Resource Specialist in Ames and the city’s on-call IT person, shared the Nevada City Hall computer hacking experience with members of the Story County Local Emergency Planning Committee (LEPC) at the group’s quarterly meeting last Thursday. LEPC meetings are held in various locations in the county and are set up through the Story County Emergency Management office. Last week’s meeting was held at Nevada City Hall.
Jager started the presentation by saying that on June 2, the city administrator called her and said, "I think we’ve been hacked." Jager said files on Elizabeth Hansen’s computer were changing dates and reloading.
"I called Craig," Jager said, and "he said ‘unplug your server.’"
McClanahan said that he suspected right away that one of the computers, of the approximately 20 at City Hall, had inadvertently gotten into a ransomware virus. "We knew that if the server kept running, we could lose a lot of things. What a ransomware virus does is make as many files as it can unavailable to you … and they charge you to get your files back." He said the ransomware viruses are created by a crime syndicate out of Asia.
McClanahan said it’s interesting, because the city isn’t a big company with competitors, so it doesn’t normally have a lot of security concerns. "(The city) has a network-wide security parasite system and this had gotten beyond that," he said.
McClanahan came in and they did a machine-to-machine scan, quickly finding out which machine was the culprit. The virus, he said, encrypted what was on the machine’s C drive and then jumped to the map drive, and the ransomware was intelligent enough to seek out the most important files first, he said.
Luckily for the city, the virus was caught early and the city got its server shut down quickly. The other important factor, McClanahan said, was that the city had good backup. "They were able to bring up the previous night’s backups" and nothing was lost. McClanahan emphasized to those present that backups, while they may not always seem that important, are very important. Another company he had worked with had a similar virus that got further into their system, and then they realized their backup hadn’t been working for three months.
One thing that is good about the city of Nevada’s backup system is that it is one that is outside the building - just in case of something happening at the building.
McClanahan said the way a lot of viruses get into a computer system is by a user clicking on an attachment that is set up to look like something they need, or by innocent Internet surfing. Many websites, he said, carry viruses, so if you click on one that is unprotected, you could pick up a virus. As for attachments, he said, one thing that people can do to help protect themselves is to turn off the Windows default that hides the suffixes on what you are opening. Because those suffixes are hidden, you don’t know that a file may not be the type you would usually open.
Jager, who two weeks prior to the hacking indicent had been to a computer training that featured a professional hacker now employed by the FBI, realized that training is very useful. "We never thought (hacking) would happen to a small town like us … but boom. They don’t care who you are," she said.
McClanahan said for all businesses, government entities and individuals, "education of the users" is the main goal. "We’ve got to be suspicious in this day and age. You have got to be suspicious about everything. It’s a dangerous world out there."
Jager shared that through the FBI she was made aware of a website: hp.ipviking.com, which shows all the cyber attacks going on at any given time.
LEPC members asked some questions about other cyber attacks in the news and other ways that people are capable of causing harm through technology. "This (hacking and doing harm to others) is a real job for people," Jager said. "It’s sad, so sad."
McClanahan was asked if online banking is safe. "It’s safe to do if your computer is safe," McClanahan said. "Have the most up-to-date anti-virus program and a couple programs that sit there and look for stuff that doesn’t look right." And the main thing, he told everyone, "don’t download things. Because when you do, your download brings friends with them. If you are safe with surfing and email, you are OK."
The final part of the conversation was about passwords. Jager said she learned at her computer training that most passwords don’t take computer hackers long to hack. One of hers was hacked in about six minutes.
"You’ve got to get into characters and mix it up. Make it so it’s not worth their time. Make it strong - long and with lots of special characters," McClanahan advised.
Jager said she now has a password that is 16 characters long and would take years to get into. She advised that people can go to the site: howsecureismypassword.net to test the strength of their own passwords.
"The old thing about writing down your passwords in a notebook," McClanahan said, "that’s the safest means of keeping your passwords now. Don’t keep them online or on your phone."