LAS CRUCES – From downed security cameras at the county’s jail to students sequestered at home, a recent volley of cyber attacks in Albuquerque had many real-world consequences for the hundreds of people who relied on the compromised computer systems.
The attacks that briefly incapacitated two of New Mexico’s largest and highest-funded municipalities — Bernalillo County and Albuquerque Public Schools — reminded cybersecurity experts and officials in Doña Ana County that malware and ransomware attacks are a constant threat.
In the Albuquerque cases, officials have confirmed that both attacks were the result of ransomware. Ransomware is jargon for software that blocks access to users until a ransom is paid. Ransomware is a type of malware, which is any software created to damage or disrupt a computer system.
Hackers regularly target municipalities such as counties and school districts because they expect those systems to have archaic security, according to Tao Wang, assistant professor in the Department of Computer Science at New Mexico State University.
“Many government systems are out of date,” Wang told the Sun-News in a recent interview. “They may have some vulnerabilities that are attacked by hackers.”
Additionally, Wang said that hackers target municipalities because they hold sensitive records and systems. The hackers are betting that the municipalities will pay money to regain access to those records instead of pursuing other solutions.
Wang said the difference between a temporary suspension of operations and paying the ransom depends on what the municipality did before the attack began. Most critically, backing up data and software ensures that municipalities have systems to fall back on, Wang said.
“if you backup your data previously, then you can recover your system from your backup,” Wang said. “If you don’t have a backup, then maybe you need to pay the ransom.”
Training staff about how to detect and avoid malicious emails is another major tool when defending against cyberattacks, Wang said. Hackers will often use emails that seem important and contain a link.
Once the email recipient clicks on the link, the ransomware might begin to download or the email recipient will be taken to a website with more malware download links.
More often than not, the hackers using ransomware are motivated by profit, Wang said. While politically motivated attacks do happen, Wang said those attacks typically involve software that steals or destroys information.
Ransomware is nothing new in Doña Ana County.
Two years ago, Las Cruces Public Schools and Gadsden Independent School District were the victims of ransomware. In those attacks, officials said Ryuk malware — which deletes backed up data, locks access to files, and demands ransom typically for hundreds of thousands of dollars — was responsible.
Original Reporting:Las Cruces schools slowly digging out from ransomware attack
LCPS did not have to pay a ransom and instead relied on other backup systems to bring the school district back online, according to the Sun-News’ previous reporting. Officials said they believe that the Ryuk malware was introduced into the computer system from a suspicious email.
Unlike APS, LCPS and GISD did not have to send students home while they repaired their systems.
In the last decade, U.S. municipalities have seen an increase in malware and ransomware attacks, according to cybersecurity firm SonicWall. in 2021, a report from the British cyber security firm Barracuda Networks estimated that 44% of all ransomware attacks across the world target municipalities.
As the rate of ransomware attacks increases, so does the cost of defense.
The price tag to train employees about suspicious emails and purchase equipment to back up important files can grow quickly, but the cost is worth it according to Doña Ana County IT Director Bob Bunting.
When Bunting read the news regarding Bernalillo County and APS, he said it served as a reminder that attacks could happen at any time.
“It does cause you to step back and take a look at how we are doing, and (ask) what can we do to improve and try to make sure that we don’t fall victim to the same sort of thing,” Bunting told the Sun-News.
Bunting, who’s been working on the county’s computers for 15 years, recalled one major attack in his time with the county. About 10 years ago, the Doña Ana County website was taken over by a hacker who inserted a political message on the page. The hacktivist, a hacker with a political agenda, didn’t have control for very long. Bunting said that IT staff got a hold of the website shortly thereafter.
Otherwise, the county has been spared from the kind of attacks that incapacitated the county government in Albuquerque But if it did happen in Doña Ana County, Bunting said that the county is prepared with accessible backups and regular staff training.
Justin Garcia is a public safety reporter for the Las Cruces Sun-News. He can be reached at JEGarcia@lcsun-news.com or on Twitter @Just516garc.
Others are reading: