Cybercrime a growing threat for local businesses, governments

7/9/2017
BY TYREL LINKHORN 
BLADE BUSINESS WRITER
  • Hacking9

    Cybercrime is a growing threat for area businesses and governments, with the Rudolph Libbe Group and the city of Toledo among recent regional victims.

    BLADE ILLUSTRATION/JOE LANDSBERGER

  • Late last November, Keith St. John received a jarring notification — there had been some kind of intrusion into Rudolph Libbe Group’s computer network.

    The attack was caught quickly, but in some respects the damage already had been done.

    Cybercrime is a growing threat for area businesses and governments, with the Rudolph Libbe Group and the city of Toledo among recent regional victims.
    Cybercrime is a growing threat for area businesses and governments, with the Rudolph Libbe Group and the city of Toledo among recent regional victims.

    Walbridge-based Rudolph Libbe had fallen victim to ransomware, a particularly loathsome hack that within seconds can encrypt and secret away huge amounts of data that can only be recovered by paying off the hackers.

    “We rely on technology at a level we don’t acknowledge so many times,” said Mr. St. John, the company’s director of information technology. “If you have this type of exposure or risk, and you’re not prepared for it, it can definitely impact your business.”

    In some ways, Rudolph Libbe was lucky — by catching it early and having a robust cybersecurity plan, the firm had prevented it from spreading throughout its entire network. 

    Even so, important information was inaccessible.

    The company does back up its data, but after consulting with their cybersecurity firm and their cyberinsurance provider, the contracting firm decided paying the ransom to unlock everything was potentially less disruptive and hopefully abate any lingering risk.

    The cost? $30,000, paid in the online currency Bitcoin.

    “Most of our systems were back up and online within three days,” Mr. St. John said. “We were pretty fortunate in that regard. It didn’t really impact our business.”

    A forensic analysis also found none of the data had been stolen.

    Since the very early days of Internet, there’s been an ongoing cat-and-mouse game between cybersecurity gatekeepers and the hackers looking for a break in the defenses.

    Lately, the hackers seem to be getting more adept at finding and exploiting vulnerabilities.

    In May, a worldwide ransomware attack dubbed Wanna Cry spread to hundreds of thousands of computer networks, including the United Kingdom’s National Health Service. Last month, a separate global ransomware attack spread through thousands more systems, including those of snack maker Mondelez International and drugmaker Merck.

    But as the attack on Rudolph Libbe shows, it’s not just Fortune 500 companies who are at risk.

    “Everybody focuses on major companies and major countries that are impacted by this. We see the whole spectrum though,” said Jay Yeater, a spokesman for CentraComm, an IT security and infrastructure provider in Findlay.

    CentraComm recently was contacted by the owners of a mom-and-pop company in the real estate industry who had been hit by ransomware. Someone checking email had opened what they thought was an innocuous document.

    Within an hour, the company’s entire system — from email to appraisal history — was fully encrypted.

    “We have no magic code or solution we can do,” Mr. Yeater said. “Basically they have lost the first 15 to 20 years of their company’s history right there.”

    Research from Symantec, Inc. found an increase in ransomware attacks 36 percent nationwide between 2015 and 2016.
    Research from Symantec, Inc. found an increase in ransomware attacks 36 percent nationwide between 2015 and 2016.

    Research from Symantec Corp. found more than 460,000 ransomware attacks had occurred last year, up 36 percent from 2015. The average ransom sought was nearly $1,100 last year, up from about $300 in 2015.

    Ransomware is far from the only cyber threat, but the nature of how it works can make it a particularly troubling issue.

    “Encryption has always been seen as a strong tool against stealing your data. What they have done is turned this weapon we had to protect ourselves, now they’re using this weapon against us,” said Ahmad Javaid, an assistant professor in the University of Toledo College of Engineering who studies cybersecurity.

    Mr. Javaid said small businesses may be at greater risk because their budgets for cybersecurity defense or hiring full-time IT staff is limited. There’s also a false sense of security for businesses and home users who think a basic antivirus program either installed on their computer or provided by their Internet company is enough.

    “Ransomware is a completely different class of software. It doesn't fall into the class of virus, so antivirus usually can’t protect you,” Mr. Javaid said. “You really need a suite of softwares to protect yourself.”

    Beyond software, there’s also education.

    Experts say individuals or businesses can do several simple and inexpensive things to mitigate risk, including performing regular backups of data and always immediately updating security patches for a system’s operating software. Also pay close attention when clicking on links, opening emails, or downloading attachments.

    It never hurts, experts say, to ask an email sender if they really intended to send you a document or link.

    “It’s a little like defensive driving. People drive, and you don’t even think about what you’re doing anymore. The mindless driving can get you into an accident. It is similar on viruses, ransomware and malware — you’re just mindlessly clicking emails and links,” said Jeff Boersma, owner of Toledo-based IT firm Modern Data.

    Researchers say it also is important to note that those behind ransomware aren’t necessarily targeting attacks against any one company. Instead, they let the program loose and rely on what are essentially automated requests, looking for any vulnerable target they can find. That can include corporations, individuals, even cities.

    “It’s a daily concern of mine,” said David Scherting, information communication technology director with the city of Toledo.

    Mr. Scherting said the city regularly talks to security vendors and has increased its protections in recent years. It also has procedures for dealing with ransomware, including getting the affected device offline as soon as possible, wiping the device clean, and relying on backup data to restore the workspace as best as possible. It may mean a loss of a few days work — indeed, a ransomware attack on the city last year caused one person to lose three days — but generally will keep things from spreading.

    The city also tries to talk regularly about cybersecurity with its employees, imploring them not to open emails they didn’t solicit or don’t recognize. About 35 percent of emails sent to the city of Toledo each year are flagged and blocked for security concerns, Mr. Scherting said.

    Health care is another area at risk, not because hackers necessarily target their systems, but because of the grave consequences of a breach.

    David Brackett, chief technology officer in information technology services at ProMedica, said the health system has many tools that specifically monitor for known ransomware and for programs that act like ransomware. It also has a very aggressive patching schedule to ensure patient health and financial data is secure.

    “That’s a big responsibility. Health organizations take it seriously, and there’s not a single tool; it’s a collection of tools and a collection of producers and operations to be able to be best protected,” Mr. Brackett said. 

    “Really what stops it from spreading is the ability to stay in front of it and stay patched and keep your staff and yourself educated,” Mr. Brackett said.

    Wendy Gramza, President at Toledo Regional Chamber of Commerce, addreses the crowd at their annual meeting. The Ohio Small Business Development Center, housed within the Chamber of Commerce, has received a state grant for cybersecurity training sessions.
    Wendy Gramza, President at Toledo Regional Chamber of Commerce, addreses the crowd at their annual meeting. The Ohio Small Business Development Center, housed within the Chamber of Commerce, has received a state grant for cybersecurity training sessions.

    Cybersecurity training

    It is difficult to know if other local firms have fallen victim to ransomware or other catastrophic malware attacks, largely because most firms are loath to talk publicly about it for fear of damaging their reputation. But most experts agree the number is far higher than what people would expect.

    Mr. St. John said Rudolph Libbe wanted to be transparent and shared freely details of its situation with customers and vendors. 

    By going public, Mr. St. John hopes to increase awareness of the threats and give others a push to re-examine their own security systems and procedures.

    “This isn’t going to go away, and as technology changes so will the hackers,” he said. “If we all work together by sharing our experiences it may help someone else from potentially having a risk or teach them to more quickly respond to a risk that they have.”

    The Toledo Regional Chamber of Commerce is setting up a program to do just that. The Ohio Small Business Development Center, which is housed within the Chamber, recently received a $25,000 state grant to hold cybersecurity training sessions and to deeply evaluate security risks for a group of 15 area companies.

    Bill Wersell, director of the Small Business Development Center, said it is hoped that the information learned there not only will help those companies shore up defenses but will give the business community at large a better grasp of what it does well and where it could improve.

    “Over the last year this has become a major concern of business owners, making sure their systems are safe and secure because either they’ve been hit or impacted in some way shape or form, or they know of a business in their network that has been impacted,” Mr. Wersell said. 

    “You’ve really got to stay vigilant.”

    Contact Tyrel Linkhorn at tlinkhorn@theblade.com or 419-724-6134.