Computer Attacks Across Upstate New York Share A Common Theme Of Gaining Entry, Locking Districts Out, And Holding Children’s Personal Information For Ransom 

Schumer Announces, Following His Push, Senate Passage Of DHS Cyber Hunt And Incident Response Teams Act To Maintain And Strengthen Teams On The Ground To Bolster Resiliency To Cyberattacks At Public And Private Entities

Schumer: Cyber Hunt Teams Will Help Stop Hackers And Malicious Schemes Dead In Their Tracks

In the wake of Upstate New York school districts being targeted by destructive ransomware cyber-schemes and following his full-court press, U.S. Senator Charles E. Schumer announced that on Tuesday, the Senate passed the DHS Cyber Hunt and Incident Response Teams Act. The legislation, introduced by Senators Maggie Hassan (D-NH) and Rob Portman (R-OH) and co-sponsored by Schumer, would authorize the Department of Homeland Security (DHS) to maintain and strengthen cyber hunt and incident response teams to assist in protecting state and local entities from cyber threats and help restore the functionality of private or public infrastructure following an attack. A similar bill has already passed in the House of Representatives, and the two pieces of legislation will now begin the reconciliation process.

“The Senate passing the DHS Cyber Hunt and Incident Response Teams Act is an important step in protecting Upstate New York school districts from the swaths of ransomware attacks that take hostage the personal information and vital data of our students, school employees and local governments,” said Senator Schumer. “It’s critical that we use all available resources to protect New York students from cyber crooks, and enhance and increase our resiliency to these attacks. I’m proud of the role I played in pushing this sorely-needed legislation through the Senate and won’t stop working until it’s signed into law.”

Specifically, the DHS Cyber Hunt and Incident Response Teams Act, which is cosponsored by Schumer, would authorize DHS to maintain and strengthen cyber hunt and incident response teams. These teams, Schumer explained, would then be sent to both public and private entities upon request, giving them advice on how best to fortify their computer systems and prevent both ransomware and other types of cyber-attacks, as well as additional technical support. Should an organization fall victim to ransomware or another type of cyberattack, these federally-resourced teams will continue to be available to assist with incident response.

Once a computer is infected with ransomware, it can be extremely difficult to recover the compromised files until the ransom is paid. Hackers are able to do this by extorting businesses, individuals and institutions when they infect computers with malware and encrypt their data, thereby taking computer systems hostage, and then charge a ransom to retrieve it. Due to advances in technology, it is often very difficult—if not impossible—to trace. Beyond school districts, Schumer explained that hackers also regularly target businesses, police departments, hospitals, banks and other institutions that hold a large amount of sensitive, personal information, but may not have the resources to fend off cyberattacks. Schumer added that ransomware has two major, devastating consequences. First, victims cannot use the computer systems on which they depend until files are unlocked, rendering them virtually paralyzed in today’s digital age. But more importantly, victims’, including children’s, personal information is often compromised when hackers gain access to a computer housing confidential information including financial records, medical reports, social security numbers and more.

In recent months, Upstate New York has been blanketed by malicious ransomware attacks, from one corner of the state to the other. Schumer explained that, according to reports, on July 8th of this year the Syracuse City School District was breached by ransomware and forced to pay a $50,000 insurance deductible to regain access to its computer systems. The July ransomware attack kept Syracuse City School District locked out of its operating system for roughly a 24 hour period, and additionally damaged its website, email system, and phones and ran the risk of exposing students’ private information to hackers. Similarly, Schumer explained, that same month in the North Country, the Watertown City School District was also attacked by ransomware. Furthermore, over the past few years, a major uptick in ransomware attacks has been reported among Rochester-Finger Lakes Region school districts. At least two attempted ransomware attacks have targeted the Rochester City School District recently, and in 2016, the Holley Central School District was hacked, with the private information of many employees being exposed in the process.

Schumer added that school districts in the Hudson Valley have been particularly impacted by the scourge of ransomware. This month, the Monroe-Woodbury School District had to cancel its first day of class, September 4th, due to an attempted intrusion by hackers. Furthermore, in 2016, the Rhinebeck School District was struck by ransomware and was temporarily locked out of its system. The hackers demanded $500 from the Rhinebeck School District in exchange for returning access to its computers.

Ransomware has also targeted other types of public entities, including local governments and police departments. This March, according to reports, the City of Albany was plagued by malicious ransomware. The attack on the city impacted municipal systems, with locals unable to receive documentation like birth certificates, death certificates and marriage licenses for days. The Schuyler County Sheriff’s Department was also inflicted by ransomware in 2017, with the incident resulting in the county’s 911 emergency system reportedly being taken offline. Schumer said that while, fortunately, Schuyler County was able to regain access to its 911 emergency system without any major incidents occurring, the consequences could have been devastating.

Furthermore, hackers frequently target private entities with ransomware as well. This June, hackers attempted to break into the Olean Medical Group’s computer system. The personal information and records of patients were protected during the incident, however, it did lead to Olean Medical Group taking its computer system down. This forced doctors seeing patients to chart on paper, rather than digitally. And in 2017, the Erie County Medical Center was devastated by ransomware. Reportedly, the ransomware attack rendered over 6,000 computers inoperable, with hackers demanding roughly $30,000 in bitcoin as payment. Schumer explained that while Erie County Medical Center refused to pay the ransom, the incident in total cost the organization a total of $10 million for new computer software, hardware, technical assistance and overtime pay for employees.


Previous Article Next Article