On a Monday morning in January 2019, an employee at The Village city hall discovered a network server locked down without a way in.
A hacker found their way into the server and launched a ransomware attack the night before. They left contact information and a message: If you want your server back, pay up.
“Obviously we didn’t call the number,” said The Village City Manager Bruce Stone. “I assume what would happen then if you call the number is they’d tell you how to get bitcoins or something to make a payment.”
Stone’s hunch might have been right. A common theme among ransomware hackers is to lock down a system and only open it back up upon payment – often using the Bitcoin cryptocurrency because it’s harder to identify who’s behind transactions.
More:After Oklahomans waited hours to vote, lawmakers look to extend early voting
The city was able to restore their files from a backup. Stone never considered paying the ransom.
Ransomware is a cyberattack that encrypts the target’s data. Without a key to unlock the malicious program, there’s not much someone can do if they don’t have a secure backup.
In the United States, cybersecurity researcher Emsisoft estimates that ransomware cost governments, businesses and even people with personal computers more than $1 billion in 2019. It’s such a problem, the Oklahoma House of Representatives voted unanimously this month to outlaw it on a state level.
Another study by Check Point research last year showed hospitals and health care organizations were the hardest hit by ransomware. Typical attacks demand several hundred thousand dollars and some have demanded $5 million or more, USA Today reported. Hospitals are often targeted because criminals know they are more likely to pay than other businesses. That’s because hospitals can’t shut down for long without impacting patient care.
Even small attacks can have devastating financial effects on individuals, according to the federal Cybersecurity & Infrastructure Security Agency. Some ransomware attacks are indirect, meaning they can land in the inbox of a random person’s home computer.
But if using ransomware becomes a state crime, does Oklahoma have the…