KNOXVILLE, Tenn. (WATE) – A ransomware attack on a vital U.S. pipeline is amplifying the growing need for added cybersecurity measures, and Knoxville, a site where the Colonial Pipeline passes, is no exception.
The City of Knoxville also had a ransomware attack last year.
According to the Federal Bureau of Investigation, ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return. Ransomware attacks can cause costly disruptions to operations and the loss of critical information and data.
The FBI also states that you can unknowingly download ransomware onto a computer by opening an email attachment, clicking an ad, following a link, or even visiting a website that’s embedded with malware.
“Either someone clicked a link that they weren’t supposed to, or they receive an email from someone that they know or trust, whose email account may have been compromised,” Jason Jarnigan, FBI Knoxville Supervisory Special Agent for Cyber Crimes, said.
Once the code is loaded on a computer, it will block access to the computer itself or data and files stored there. More menacing versions can encrypt files and folders on local drives, attached drives, and even networked computers.
Most of the time, you don’t know your computer has been infected. You usually discover it when you can no longer access your data or you see computer messages letting you know about the attack and demanding ransom payments.
The City of Knoxville experienced a ransomware attack last year.
The city confirmed last summer that the people or threat actor behind the ransomware/malware attack on the city’s computers in June 2020 began publishing information gathered from it.
The threat actors had asked for 42.5 Bitcoin in ransom money — at the time, that was equivalent to around $393,000. Invoices were released by the city in January. The invoices showed the city paid $217,000.00 since the attack to fix the problem instead of paying the ransom.
That money went to ransomware recovery experts, protection services to contain the breach, lawyers, and problem-solving management.
Jarnigan said his office, and the FBI office nationwide, have seen an increase in ransomware attacks since the start of the pandemic.
He said his office gets about four to five calls a week for reports of ransomware attacks.
“Businesses that were once on business sites, now have to accommodate people working at home, people working on their computers more, and thus there’s more opportunity for them to become infected by ransomware,” Jarnigan said.
If you are a victim of a ransomware attack, Jarnigan said don’t pay the attackers.
He said there is no guarantee the attackers will give any of the data back.
Jarnigan also said paying the perpetrators encourages them to target more victims and offers an incentive for others to get involved in this type of illegal activity.
“We like to say that there would be no ransomware if people did not pay the ransom,” Jarnigan said.
He said it’s best to be proactive and have backups stored, so if a company or person did become a victim of a ransomware attack, they at the least wouldn’t have to worry about not having access to those critical files.
“All you have to do, relatively speaking, is wipe your computers, reinstall your operating system and reload your critical files that you have backed up. That’s the best posture to be in,” Jarnigan said.
Jarnigan said there are several proactive ways to protect your company or personal information from ransomware attacks.
First, keep updating computer software, programs and anti-virus applications. Make sure those are always up to date, because, Jarnigan said, technology keeps changing, and that goes for how criminals attack.
Jarnigan also said it’s very important to back up your critical data, and make sure to do so in a way they are not connected to the computers and networks they are backing up.
“Just like you may have copies of your photographs at home that mean the most to you, you would need to do the same thing for your vital files if you’re a small business. All the files that you rely upon day to day, you should have those backed up somewhere and backed up separately,” Jarnigan said.
Jarnigan said companies should also keep their critical information (especially when it comes to operating systems) separate from their emailing system since that’s where most ransomware attacks come from.
“We recommend that you have a different computer operating your emails than the one turning on and off different functions that are critical to your company,” Jarnigan said.
That way, if your system has been infected by ransomware, the perpetrators wouldn’t be able to gain access to important operating functions.
Jarnigan said reminders to employees about what phishing emails look like, and what links should not be clicked on, are important for companies, especially larger companies.
“Larger companies, they have a lot of employees, and with every employee, it introduces an additional risk,” Jarnigan said.
If you have become victim to a ransomware attack, report it to the FBI.
You can call your local FBI office, which in East Tennessee is located in Knoxville, and can be contacted at (865) 544-0751.