PITTSBURGH (KDKA) – The FBI said ransomware attacks are on the rise and criminals are asking for more money than ever before. The FBI said the “bad guys” are getting bolder, and it has gotten easier for them.
At their South Side office, the FBI is fighting a battle. It’s not with any weapons, just computers.
READ MORE: Construction Underway For First-Of-Its-Kind Homeless Shelter In Pittsburgh
“The people behind these type of schemes are making a lot of money from it and it’s emboldening them,” FBI Supervisory Special Agent Steve Lampo said on Thursday.
The FBI Pittsburgh Division said this year it has two reports of ransomware adding up to $390,000. Agents believe more situations are going unreported. Recently these attacks have gotten easier for hackers because ransomware is now a service.
“Where someone will develop a type of ransomware and give it to other criminals and basically rent it out to them for a cut of the profits,” Agent Lampo said.
“We’ve gotten to the point where we now realize that a cyber hack on one person or one company really impacts all of us,” former U.S. Attorney and Pitt Cyber Founding Director David Hickton said over Zoom.
He said one of the biggest threats is an attack on utilities and infrastructure.
Pennsylvania American Water gave KDKA this statement on their cybersecurity.
“Pennsylvania American Water recognizes the essentiality of our water and wastewater services and acknowledges the severity of cyber threats.
READ MORE: Pennsylvania Commission On LGBTQ Affairs Addresses COVID-19 Vaccine Hesitancy
“Our company has always endorsed a ‘safety and security approach’ to water and wastewater operations, and this persistence extends to cyber threats as well. We have taken a number of steps to help maintain the security of our systems and work with local, state, and federal government and agencies to prepare for cyber-threats. Pennsylvania American Water has a dedicated team of certified professionals who help maintain the cybersecurity of our informational and operational technology systems; safeguard the physical security of our staff, facilities and assets; and provide emergency response and business continuity activities. We recognize the sophistication of this cyberattack and are focused on understanding and minimizing impact if a breach occurs by constantly testing our cyber response protocols.”
Duquesne Light provided this statement:
“We understand how crucial it is to protect our systems and data from a possible cybersecurity event. Duquesne Light Company (DLC) maintains a robust defense program that aligns with the National Institute of Standards and Technology’s Cybersecurity Framework, which helps secure critical infrastructure. Through this effort, we ensure that extra security controls are in place and that we’re prepared to quickly detect, respond to and recover from any incidents that may occur. As cybersecurity evolves and the risk to our industry increases, we’ll continue to evaluate the program and make appropriate changes.
“DLC also adheres to regulatory standards of the North American Electric Reliability Corporation’s Critical Infrastructure Protection plan.
“To further safeguard our operations, we consistently apply best practices for ransomware prevention and response. These include security awareness and training programs, email protection systems, layered security controls and specific technical controls and programs.”
“Within the office, we have a public-private sector partnership program in which we go out and meet with our utilities and other critical infrastructure on a regular basis,” Agent Lampo said about working with utilities.
Hickton said we need to change the culture of carelessness. He feels more accountability, including possible termination, should be in order.
“Now that the entire operation is on the cyber platform, we can no longer afford that. Whether it’s a company, an industry or the country,” Hickton said.
MORE NEWS: ‘He’s Like A Grandpa’: Sewickley Farms Community Wishes Beloved Bus Driver A Happy Retirement
With computers in many cars, the FBI said it works with companies including here in Pittsburgh on preventing those hacks. They said no cars have been hacked outside of lab tests.