Detective Cy was in her office researching why so many attacks have been happening recently when she received a call.
Joe, the technology chief for a school in Dallas, Texas, said that when he tried to log into his computer that morning, he could not get past an initial message. The entire network was shut down. The initial message said, “All your important files are encrypted!” Joe told Detective Cy, “I immediately freaked out and called you.”
Joe works for a school with over 3,000 students whose data had just been held for ransom. They not only had the students’ full information, such as Social Security numbers, dates of birth, and addresses, but also had financial information of the school and the staff.
The hacker wanted to be paid only in Bitcoin because it is hard for the transaction to be traced.
Cy knew this was common. She had read that the U.S. Treasury Department warned last month that ransomware attacks have increased due to the coronavirus pandemic, and that school districts have been targeted because hackers find it easy to target a thinly staffed technology department.
Cy investigated the case to find where the attack started. She found that it originated from an “internal” email sent to an employee. This teacher received an email that appeared to be from Joe and said, “Every user must change their password before Monday.” The email was received on a Friday, so the teacher, without thinking about it, just “updated” their password.
When Cy looked at the email, she quickly found that the address the email was sent from did not match. In addition, she found that the link in the email did not go to the school’s website but to a malicious site.
Cy told Joe that he should not pay the ransom. She also stated that hovering over the sender’s email address to see where the email is coming from will help verify the email. Cy directed Joe to file a report with the Internet Crime Complaint Center, which is part of the FBI. Joe did this later that day. He also agreed to share this information with his staff and enroll them in a proper training course so this does not happen again.
- Always check the sender of an email to confirm the source.
- Never click any links that go to unknown websites.
- Always hover over links in an email to ensure the URL is legitimate.
- Always check the email, and, if the email is from a coworker, verify with them before making any changes. You can do this by replying to the email or calling that department.