Until this week, many Charlotte-area folks had only a vague familiarity with terms like ransomware, worms, spyware, phishing and even bitcoin.
To them, the news that hackers had seized Mecklenburg County government’s computer files and were demanding a ransom sounded like something out of a high-tech spy movie.
In reality, though, the episode is not as peculiar or distinctive as some think. Indeed, these kinds of attacks are proliferating rapidly, and Mecklenburg is just the latest traveler to suffer a flat tire on the digital highway.
Mecklenburg County Manager Dena Diorio announced Tuesday that the county was “paralyzed” after hackers infiltrated the county’s servers. They demanded two bitcoins, or about $26,000, to give Mecklenburg the key to decrypt the files. Hackers often use bitcoin, a virtual currency, because it is extremely difficult to track. Diorio said Wednesday the county believes the hackers are based in Iran or Ukraine.
The cyber criminals did not target Mecklenburg specifically in all likelihood. They cast a wide net, and a county employee opened an attachment that contained the ransomware that quickly spread.
It’s just that easy these days. As our world grows ever-more dependent on digital information, cybercrimes become more common, to the point that ransoms are almost a cost of doing business. A growing number of businesses, such as Equifax, and governments such as Montgomery, Ala., have discovered that.
Diorio and the county faced a difficult decision Wednesday on whether to pay the ransom. It seems an outrageous demand to which governments should not cave. Paying it only emboldens future hackers and does not guarantee the safe return of the servers.
In the end, though, the choice boils down to a cost-benefit analysis. At the core of that evaluation: Would the county spend considerably more than the ransom to fix things on its own? It’s entirely possible.
Governments, businesses and even individuals should expect the problem to get worse, not better. Hackers are growing more sophisticated by the week, always staying a step ahead of the good guys. The firm Cybersecurity Ventures predicts ransomware damage will more than double from $5 billion this year to $11.5 billion in 2019.
The culprits almost never get caught, and the incentive to play the game has only gotten tastier as bitcoins increase in value. (The value of one bitcoin has rocketed from $1,000 at the beginning of this year to about $13,000 on Wednesday.)
Keith Gregg, Mecklenburg County’s chief IT officer, was asked Wednesday what the county is doing to ensure a hack like this doesn’t happen again. He did a nice little dance, but basically had no answer. And who can blame him? IT departments have to strive constantly to keep up with threats, and employees must be reminded to be vigilant about opening suspicious emails and attachments.
But the truth is, the criminals are winning in the digital world right now, and the rest of us can only hope we’re not the next victim.