09.23.19

SCHUMER REVEALS: LONG ISLAND SCHOOLS & LOCAL GOVTS REMAIN UNDER THREAT OF SOPHISTICATED RANSOMWARE ATTACKS THAT HOLD PERSONAL INFO HOSTAGE, OR EVEN SELL IT; SENATOR SAYS LEGISLATION TO BEEF UP ENFORCEMENT MUST BE PASSED AND FBI MUST STEP IN TO PINPOINT CULPRIT ASAP; ATTACKS ON RISE

Computer Attacks Across New York—And Now Long Island—Share A Common Theme Of Gaining Entry, Locking Administrators Out And Then Demanding Ransom; Rockville Centre Just Paid Nearly $100,000 In Ransom

Schumer Wants FBI To Step In, Brief Congress On A Plan To Better Combat Attacks Targeting Local Schools & Governments—And He Wants New Leg Passed  

Schumer: Feds Need To Take A Mega Bite Out Of LI Ransom Hackers—Or They’ll Get Even Bolder

In the wake of local New York school districts—now including Long Island—being targeted by destructive ransomware cyber-schemes, U.S. Senator Charles E. Schumer is pushing a multifaceted plan to prevent ransomware hackers from taking schools—and the personal information of New York students—hostage. Schumer said that in recent months, school districts across the state, from Long Island, to the Hudson Valley and more, have been victimized by hackers using ransomware, which is an insidious type of malware that encrypts, or locks, a computer’s operating system, and all of its valuable digital files, until a ransom is paid.

“Over the last few years, and especially in recent months, our communities and school districts throughout New York and now on Long Island have fallen victim to hackers and their malicious ransomware, which infiltrates computer systems and holds hostage the personal information and vital data of our students, school employees, families, school boards and local governments. It’s clear that our state is under siege from these attacks, and we must do more to ward them off,” said U.S. Senator Charles Schumer. “That’s why today I’m pushing a two-pronged effort to fight back against these cyber-crooks by urging Congress to quickly pass the bipartisan DHS Cyber Hunt and Incident Response Team Act and by calling on the FBI to quickly and thoroughly investigate the incidents that have plagued New York and then brief Congress."

To address the scourge of ransomware attacks, and the possible targeting of Long Island, Schumer is pushing to pass the bipartisan DHS Cyber Hunt and Incident Response Teams Act, which is led by Senators Margaret Hassan (D-NH) and Rob Portman (R-OH). The legislation would authorize the Department of Homeland Security to maintain cyber hunt and incident response teams to assist in protecting state and local entities from cyber threats and help restore the functionality of private or public infrastructure following an attack. Second, Schumer urged the Federal Bureau of Investigations (FBI) to ensure its field offices have resources necessary to investigate and identify the perpetrators of the attacks on Long Island and across New York, and then brief Congress on how to better understand what is going on and how to stop it.

Once a computer is infected with ransomware, it can be extremely difficult to recover the compromised files until the ransom is paid. Hackers are able to do this by extorting businesses, individuals and institutions when they infect computers with malware and encrypt their data, thereby taking computers and smartphones hostage, and then charge a ransom to retrieve it. Due to advances in technology, it is often very difficult—if not impossible—to trace. Beyond school districts, Schumer explained that hackers also regularly target businesses, police departments, hospitals, banks and other institutions that hold a large amount of sensitive, personal information. Schumer added that ransomware has two major, devastating consequences. First, victims cannot use the computer systems on which they depend until files are unlocked, rendering them virtually paralyzed in today’s digital age. But more importantly, victims’, including children’s, personal information is often compromised when hackers gain access to a computer housing confidential information including financial records, medical reports, social security numbers and more.

In recent months, New York has been blanketed by malicious ransomware attacks, from one corner of the state to the other. Schumer explained that, according to reports, the Rockville Centre School District was breached by ransomware this past July and was forced to pay nearly $100,000 insurance deductible to regain access to its computer systems. The July ransomware attack kept Rockville Centre School District locked out of its operating system and ran the risk of exposing students’ private information to hackers. Similarly, Schumer explained, that Mineola School District was also attacked by the same ransomware in August, however, they did not have to pay a ransom because all their data was backed-up offline. For those that are attacked by ransomware but don’t have to pay ransom, are forced to rebuild servers and scrub all files. Furthermore, Lynbrook School District was attacked this past February, damaging the school’s email and forcing the school district to rebuild the server. There are other instances, as well.

Furthermore, hackers have also targeted private companies on Long Island. This April, hackers targeted Verint Systems Inc., a cybersecurity software provider located in Melville, however, the attack did not impact customers or company partners. And they’ve even gone upstate to Syracuse and beyond.

“The bottom-line here is that the feds need to take a mega bite out of these ransom hacking crimes or the perpetrator(s) will get even bolder,” Schumer added.  

“The recent wave of ransomware attacks that have hit American cities and government offices has exposed an urgent cybersecurity threat that we need to address,” said Representative Kathleen Rice. “As we saw right here in Rockville Centre, these attacks are dangerous and costly, and it’s critical that we equip local municipalities with the resources they need to protect themselves. We cannot allow cybercriminals to hold our towns and cities hostage. That's why it's important that the Senate pass the DHS Cyber Hunt and Incident Response Teams Act, which will provide our communities with the technical and law enforcement support they need to mitigate these threats." 

“Protecting our schools from hackers must be a priority in this day and age”, said New York State Senator Todd Kaminsky. “I was proud to join Senator Schumer to unveil a plan to stop hackers from holding our children's personal information hostage. I will continue to work collaboratively with my partners in government to ensure the safety and privacy of our youth — their futures demand no less."

“Ransomware has become an increasing threat to school districts in New York and it is vital that we take steps to secure our data,” said Assemblywoman Judy Griffin. “Thank you Senator Schumer for your leadership on this important issue. I look forward to working with my colleagues in all levels of government to protect our schools and children from this potential danger."

“We are a good example of how vulnerable schools and municipalities are to cyber-attacks, even though we were using what we thought was state of the art virus protection,” said Rockville Centre Superintendent Dr. William H. Johnson. “We welcome any effort by the State or Federal Government designed to assist us in protecting our data, our taxpayers and our children."

“Cyber security is one of the most important topics facing school districts and municipalities today. We need to change the way we think and take practical steps such as setting up verified back-ups. We also need to educate our staff about the risks of opening up attachments and clicking on links in emails. Think of it as the online version of stranger danger,” said Nassau BOCES District Superintendent Dr. Robert Dillon.

In his letter to the FBI, Schumer urged the agency to continue providing the necessary resources to field offices across New York to sufficiently investigate the attacks and identify their perpetrators. And upon finishing its investigation into the swaths of ransomware attacks across New York, Schumer requested the FBI immediately brief him on the details of those attacks and others experienced by states and localities across the country. Schumer explained that such a briefing would help Congress understand the law enforcement challenges posed by the attackers’ use of cryptocurrencies and what additional funding or authority should be provided to ensure future attacks can be stopped. Schumer said that the prevalence of the ransomware attacks and their consequences illuminate a clear and present need to do more to deter them, and that taken in tandem, the two measures in his plan would be a critical step towards doing just that.

A copy of Schumer’s letter to the FBI appears below.

Dear Director Wray:

I write regarding recent ransomware attacks that have caused significant disruptions to school districts and local governments in New York.

As you are aware, more than 40 municipalities across the country have reportedly been the victims of ransomware attacks this year alone. In New York, victims of these destructive attacks over the past year have included: Long Island school districts, the City of Albany, the Monroe-Woodbury Central School District in the Hudson Valley, the Olean Medical Group in Rochester, the Syracuse City School District and Onondaga County Public Library system in Syracuse, the Watertown School District and the Rockville Centre School District in Long Island.

These attacks have successfully crippled access to computer systems, compromised sensitive personal information, and in some cases, led to payment by local governments to hackers in the form of cryptocurrency. The Department of Homeland Security recently described this disturbing trend as a “ransomware outbreak” and as one of the most visible cybersecurity risk playing out across our nation’s networks.

In response to this surge, the FBI has increased its efforts to respond to this cybersecurity threat. In addition to tracking incidents through the Internet Crime Complaint Center known as “IC3,” the FBI has targeted the criminals perpetrating these attacks from locations in outside the United States, including Eastern Europe. The FBI has also enlisted the assistance of international law enforcement partners to locate the stolen or encrypted data, identify perpetrators, and assist victims in implementing countermeasures to avoid similar incidents in the future.

I am grateful for all the work the FBI continues to do in investigating to and deterring cyber-attacks against our nation, including any assistance to local communities that have been targeted by ransomware. Accordingly, I urge the FBI to make sure its local offices continue to have the resources necessary to investigate and identify the perpetrators behind these ransomware attacks in the New York and help ensure they are brought to justice. After your investigations are complete, I also request a briefing regarding the details of these recent attacks in New York and similar attacks on other municipalities and states, including law enforcement challenges posed by the attackers’ use of cryptocurrencies, to better understand what additional funding or authority should be provided by Congress to prevent similar attacks.

Thank you for your attention to this important matter.

###



Previous Article Next Article