In the wake of a hacker’s ransom request to Mecklenburg County government, cybersecurity experts say such attacks are a growing problem for Charlotte-area businesses, too.
Home to companies flush with sensitive data, from financial services to health care, Charlotte is an alluring target for ransomware attacks, experts say. In such crimes, hackers using special computer software block a company’s access to its data – unless a ransom is paid to lift the block.
“It’s really the top security incident that we respond to now,” said Tom Tollerton, a cybersecurity expert for Dixon Hughes Goodman, an accounting and advisory firm in SouthPark. “Upwards of half the incidents we deal with when clients call are ransomware-based attacks.”
Nationwide, ransomware attacks are on the rise and becoming more sophisticated, according to the FBI, which reported 2,673 complaints in 2016, up about 9 percent from the year before.
In North Carolina, there were 67 victims of ransomware last year, compared with 66 the year before, the FBI said. The data did not detail who the victims were.
Tollerton cited two examples of Charlotte-area clients who were infected by ransomware in the past year or so.
In one, a healthcare sector client avoided paying a ransom because it had backed up its data and was able to restore its operations, he said. And a small landscaping company paid a ransom of less than $10,000 this year after its only server was infected, he said.
Code for ransomware is widely available for several hundred dollars or less online, allowing a person with no coding skills to target email accounts, Tollerton said.
“If an attacker sends a (malicious) email with ransomware to 10,000 email addresses, and just 1 percent of those users pay the ransom to recover their data, then the attacker has done pretty well, from a financial perspective,” he said.
The rise in ransomware comes as hackers look to cash in on booming use of computers, tablets and other mobile devices.
In some instances, criminals have demanded ransom from smartphone users to unlock their phones. In other cases, emails are sent to people in hopes they’ll click an attachment, activating malicious software that prevents access to data unless ransom is paid.
Cybercriminals sometimes demand payments in bitcoin, a digital currency, because such transactions can be difficult to trace, experts say.
‘Learning by fire’
David Shroyer, a cybersecurity expert in Charlotte who has worked for big banks, said one of the first steps he took at a past employer was to set up a bitcoin account. Even if the company didn’t plan to use it, it needed to be ready in an emergency, he said.
Companies also need to take steps to properly train employees and make sure their machines don’t allow ransomware to be downloaded and spread to other computers, Shroyer said.
“It’s learning by fire,” he said. “They have a period of days or hours to make a decision. It will lock you down. If you’re behind, this will keep happening.”
In one of the most recent cases of a prominent firm paying ransom, Uber disclosed last month that hackers had stolen personal data for nearly 60 million customers and drivers. The ride-hailing company said it kept the breach secret for over a year after paying a $100,000 ransom.
On Wednesday, the FBI advised against paying ransomware demands. There have been instances where payments were made but organizations never got access to their data, the FBI said, and the payments encourage more cybercrime.
Keith Haskett, CEO of Ballantyne-based Rebyc Security, said the more sensitive or valuable a firm’s data, the more likely it might be targeted by hackers. The financial, health care and insurance industries are particularly attractive, he said. Haskett, like other cybersecurity experts, suggests firms back up any important data that a hacker might try to hold for ransom.
Companies also need to test those backups often to make sure they can restore the data, he said. Having good backups can allow an organization to ignore the ransom request and restore its data from its backup.
In Charlotte, as in other parts of the U.S., some companies test their employees’ vulnerability to cybercriminals. In one test, companies place a flash drive in the parking lot to see if an employee will insert it into a company computer.
At Charlotte-based Duke Energy, employees are occasionally sent suspicious-looking emails to see if they will click on links or attachments, spokesman Randy Wheeless said. The years-long practice is meant to make employees more vigilant about cybersecurity.
“It’s just a good reminder to employees about ... clicking links that we’re not absolutely sure about,” he said.