Earlier this week, viewers of Boise TV station KBOI CBS2 might have noticed something different. The station’s newscasts did not have graphics, music – or even a working weather computer.
Station meteorologist Roland Steadham powered through with an easel and magic marker. The station’s reporters, editors, and producers still got news on the air, but they did it in a decidedly old-school way.
Without most of their computers.
KBOI’s owner Sinclair Broadcast Group was hit with what it called a “cybersecurity incident,” with computers and servers infected with ransomware. CNN reports that a Russian hacking group whose primary motive is profit is behind the attack. The station is back up and running with most of its tools again in place.
In its simplest form, ransomware uses some type of vulnerability in an organization’s computer system to encrypt computers and servers. It then presents a demand for payment – often in cryptocurrency – to unlock the systems and restore access.
Growing problem – including locally
CNBC reported last year that organizations in the US paid more than $350 million in ransoms. But the true cost is likely much higher.
While the impact of the ransomware on KBOI was high-profile and highly noticeable, the station is hardly alone. Locally, ACHD got hit in 2019 as well as Townsquare Media. Twin Falls County was impacted last summer. But many other incidents have likely gone without making headlines.
Edward Vasko heads Boise State’s Institute for Pervasive Cybersecurity, a job he took after 30 years in the private sector in cybersecurity. He said organizations of all types – business, nonprofit, and government – are at risk.
“We have had Treasure Valley and Idaho-related impacted from this kind of activity,” he said. “School districts, in particular, are a main area of focus for cybercriminals. If (a criminal) can go get the keys to a kindergartener’s data and hold it ransom, they can benefit in two ways. (They) can likely get the ransom paid – at least until recently due to federal guidance, but they also get the long-term aspect of that student’s record and their identity they can steal for twelve or more years.”
Vasko said other major targets are health systems, utilities, and governments.
No silver bullets. Steps to take
Preventing and stopping cybercriminals isn’t foolproof – and there’s no “silver bullet,” according to Vasko. But there are steps every organization should take. The first is culture.
“People are the key element to preventing ransomware attacks. Take the time to educate staff – not in the once-a-year way,” he said. “I liken the concept of cybersecurity to physical safety. There’s a focus on making certain that workplace safety is paramount. My emphasis is to treat cybersecurity the same way you treated workplace safety.”
He said employees should be reminded of good security procedures constantly – both what employees should and should not be doing.
Password security is another priority. The old “use a weird mix of letters, numbers, and symbols” for passwords is no longer recommended by many cybersecurity experts.
Instead, experts recommend a “passphrase,” with a series of words connected by a symbol. For instance, “building-bus-tree-slipper-phase.” The longer password is tougher for criminals to crack – but can also be easier for a human to remember than something like “$123ou812.” But the passphrase shouldn’t be made of words that could easily be guessed by looking at your social media profile.
“Cybercriminals have built out all the available characters to essentially build out a database of all possible guessable passwords up to about 16 characters,” Vasko said. “If they can get the password file from somewhere, they can leverage it against you.”
Other top steps to take:
- Use different passwords for each app or website. Be particularly careful with your bank log-ins. Use a password manager to help make it easier to keep track of all the different passwords.
- At the enterprise level, backups are key for businesses, he said. Keep key infrastructure backed up and completely disconnected from the outside world – either on a piece of physical media or disconnected from the Internet.
- “One particular incident of ransomware would have been absolutely disastrous if they had not one of the core servers offline – they got sheer luck to have this server offline,” he said. “It happened to have some of their key elements. If it had been online, they would have been wiped out.”
- Enable multi-factor authentication everywhere you can. Vasko said this also is not foolproof, but making it even a bit harder can stop a criminal. Multi-factor authentication pairs a password or passphrase with “something you have,” Vasko said: a phone, a token or an SMS message.
- Continue phishing education. Don’t open attachments from unfamiliar sources. Vasko said to be watchful of folks trying to use similar-looking domain names. As an example, instead of “boisestate.edu,” a message could come from “böisestate.edu” – with the umlaut over the “o.” The subtle difference is a red flag.
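The lookalike-domain red flag from the last item can be checked automatically on incoming mail. The sketch below is an added example, not part of the original article or anything Vasko described; the function names, the protected-domain list and the sample senders are assumptions made for illustration.

```python
import unicodedata

# Domains the organization really uses (assumed list; only
# boisestate.edu appears in the article).
PROTECTED_DOMAINS = {"boisestate.edu"}

def skeleton(domain: str) -> str:
    """Lower-case and strip combining marks, so 'ö' folds to plain 'o'."""
    decomposed = unicodedata.normalize("NFKD", domain.lower())
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))

def to_ascii(domain: str) -> str:
    """Return the punycode (xn--) form that DNS actually resolves."""
    try:
        return domain.encode("idna").decode("ascii")
    except UnicodeError:
        return ""  # not encodable as a hostname

def classify_sender(address: str) -> str:
    """Classify a bare sender address by its domain."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain in PROTECTED_DOMAINS:
        return "trusted"
    if skeleton(domain) in PROTECTED_DOMAINS:
        return "lookalike"   # accents added to a protected name
    if not domain.isascii():
        return "non-ascii"   # e.g. Cyrillic letters; review by hand
    return "external"

def scan(senders):
    """Return (address, verdict, ascii_domain) for each sender."""
    return [(s, classify_sender(s), to_ascii(s.rsplit("@", 1)[-1]))
            for s in senders]

if __name__ == "__main__":
    # Constructed sample senders, not taken from any real incident.
    sample = [
        "registrar@boisestate.edu",
        "registrar@böisestate.edu",       # the article's umlaut example
        "helpdesk@b\u043eisestate.edu",   # Cyrillic 'о' in place of Latin 'o'
        "newsletter@example.org",
    ]
    for address, verdict, ascii_domain in scan(sample):
        print(f"{verdict:10} {ascii_domain:28} {address}")
```

Stripping accents catches the umlaut case directly. Letters borrowed from other alphabets do not fold to ASCII this way, which is why any non-ASCII sender domain is flagged separately for review.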
Ultimately, Vasko said, the science of cybersecurity continues to evolve – and it’s unlikely to stop.
“There’s no silver bullet,” he said. “We see contractors say ‘I can solve all your problems!’ The reality is that cybersecurity is this phenomenal nexus of the traditional IT, of people, of process and technology.”