author photo
By Bob Sullivan
Wed | Aug 3, 2016 | 4:01 PM PDT

How bad has the ransomware problem become? The state auditor of Ohio held a press conference yesterday because local government agencies keep falling for ransomware attacks. And a firm that tracks domain activity found a 3,500% increase in ransomware-related domain name registrations in the past quarter. Hackers love to cut and paste, so imitation is the surest sign that something is working.

Recall the high-profile, alarming ransomware attacks earlier this year on hospitals. These "your money or your data" crimes can do a lot of damage quickly, and confused organizations brought to their knees by missing mission-critical data often pay up. Of course, smaller organizations with less IT resources are at greater risk.

Here's what's going on in Ohio. Auditor of State Dave Yost issued a warning on Thursday to treasurers, fiscal officers and others responsible for spending public money that cybercrimes targeting government are "on the rise." And he offered these examples.

  • An investigation continues in an eastern Ohio county after the county's court data was attacked by ransomware on May 31. A virus had encrypted the court's data and hackers demanded $2,500 for the key to unlock the information. Because a recent copy of the data wasn't available, the county agreed to pay the $2,500. (Note: Because the transaction is ongoing, we are not identifying the county.)
  • A similar ransomware attempt was made April 5 in Vernon Township (Clinton County). That cyberattack did not result in the payment of any ransom because the township's data was backed up.
  • In Peru Township (Morrow County), the township fiscal officer's computer began screeching on March 9 before a notice appeared on the screen advising that a solution was available by calling an 800 number. The township paid $200 to stop the attack.

In separate, non-ransomware incidents, an employee at Big Walnut Local School District in Delaware County was tricked into issuing a check for $38,520 to a hacker. The money was recovered before it was lost. The Madison County Agricultural Society wasn't as lucky; it was scammed out of $60,491 through someone posing as the IRS, collecting back taxes.

"We've all seen and heard about the criminals who try to steal our personal funds. These scammers would like nothing more than to get their sticky fingers on our tax dollars, too," Yost said. "We need to be vigilant because they are becoming increasingly sophisticated in how they attempt to steal money through the internet."

Yost is right. Network security firm Infoblox reported last week that hackers were falling over each other to set up websites related to ransomware scams. The firm tracks domain registrations as a way of monitoring the Internet for threats, and it says it found a 35-fold increase in newly observed ransomware domains from the fourth quarter of 2015.

"There is an old adage that success begets success, and it seems to apply to malware as in any other corner of life. In the first quarter of 2016, there were numerous stories in the news about successful ransomware attacks on both companies and consumers," the firm said. "We believe the larger cybercriminal community has taken notice."

According to the FBI, ransomware victims reported costs of $209 million in the first quarter, compared to $24 million for all of 2015.

"Unless and until companies figure out how to guard against ransomware - and certainly not reward the attack - we expect it to continue its successful run," Infoblox said.

Yost said all the crimes began with some variation of phishing, and urged all government employees to be on alert.

"The internet is the tool of choice for criminals, and we need to make it as difficult as possible for thieves to access community treasure chests," Yost said.

The best way to do that, as Vernon Township showed above, is to keep good backups.

This article originally appeared on Bob Sullivan's blog at: