I Have All Your Data. Pay Me.

Atlanta, Baltimore, the state prosecutor’s office in Allegheny County, the City of Washington, Pennsylvania, and 22 local towns in Texas. That’s not a list of places with good barbecue joints. Those are governments shut down by cybercriminals who used computer programs to hijack and lock files until the agencies paid hefty ransoms in a type of international data kidnapping scheme. Believe it or not, in most cases, the agencies just paid the fee to get their data back.

That couldn’t happen in Mt. Lebanon.

Or could it?

Mt. Lebanon’s information technology manager Nick Schalles explains what happens in the attacks. The criminals send an authentic-looking email to an employee. It may look like an invoice. The employee opens the email. Maybe he or she is asked to open an attachment or download a zip file. Any of those steps could launch malware, software that loads on the computer and starts working in the background to encrypt files. Encryption locks everything, rendering it useless without a secret digital code, called an encryption key, to unlock it. The user—and the government network—has no idea it is happening until the malware is installed … and the user gets a notification with a ransom demand, usually payable in bitcoin, a type of international digital currency not associated with regular, insured banks.

Like the common cold that changes form every year, thieves constantly remold the malware. Regular security software and anti-virus packages usually aren’t updated frequently enough to recognize that the malware is installed until it has already done its damage. Malware can affect any computer, including Macs and Chromebooks, which are often touted as not susceptible to attacks.

“Ransomware is not sophisticated and that’s why it’s bad,” Schalles says. “Anyone can get an email from anyone.” Even external backup drives won’t help if you leave them plugged into your computer, as the malware sees the files and encrypts them there, too. “Anything mapped to your network drive is vulnerable. If you have access to those files, it can encrypt them.”

Even when agencies pay the ransom, they may not get their data back. The original programmers may be in jail and not available to decrypt the files, or they may return the data now but install other software on the system that leaves vulnerabilities, called backdoors, so they can get back inside another time.

The only way to beat ransomware, Schalles says, is to take constant backups and data snapshots, and store those out of reach, such as on a cloud-based, third-party system, so the malware can’t find them.

Although encryption is bad when it’s used for illegal activities, it also has a good side, Schalles says. Government agencies encrypt their own data to protect it from hackers. Mt. Lebanon’s strict encryption practices keep your data safe in many instances, from police reports that contain sensitive, personal information to myLebo services that include personal data, such as your address and license plate number from that overnight parking request you submitted.

Encryption also protects you when you use any of Mt. Lebanon’s websites. Pay for a parking ticket? Pay your taxes online? All of your communication is encrypted.

Some of our data is stored offsite, such as the video gleaned from the police department’s body cameras. Any third-party companies that handle our data must be vetted and have independent security audits.

Schalles is quick to point out Mt. Lebanon’s policies and procedures also prevent data theft and unauthorized access. For example, to access certain confidential Mt. Lebanon police records, the officer has to have the username and password to get into particular computers where the material is available. The officer then also has to have a username and password to access the software itself.

All municipal employees undergo background checks. Not just that, but municipal departments are only physically accessible to the employees authorized to be in that part of the building. The security system includes passcodes and key fobs that are coded only for authorized access.

IT locks computers so that employees cannot download software without a network administrator’s assistance. Policies prohibit downloading unauthorized apps and other programs without approval. Additionally, employees are repeatedly instructed about safe practices and warned not to open emails that don’t look right or come from unknown sources. “We don’t get lazy,” Schalles says.

Mt. Lebanon’s information technology staff works to ensure that our data is not compromised. Clockwise from left, IT director Nick Schalles, support specialist Chuck Graf, assistant director Ron Gray and support coordinator Sandy Marek.   

He and his staff, which includes assistant director of information technology Ron Gray, IT support coordinator Sandy Marek and IT support specialist Chuck Graf, field questions and serve as a resource for every municipal department.

Schalles keeps up on the latest trends in computer security, and attends training sessions by such companies as SANS Institute. “Every company security class that’s out there, I like to take.” He also learns about “Grey Hat Hacking,” which encourages IT professionals to try to hack into systems to expose vulnerabilities, so they can be immediately addressed.

With all of that said, does that mean Mt. Lebanon will never be hit by a cyberattack?

“You have to accept some sort of risk,” Schalles says. “If somebody wants to get into your system, they’re going to get in. That’s why software, like Microsoft, repeatedly sends patches. It’s because somebody got in. That’s why we are prepared with backups.”

And that’s also why Mt. Lebanon carries insurance.

Tips for You

Mt. Lebanon’s Information Technology Manager Nick Schalles offers advice to help keep your own data safe from ransomware and other hacks.

  • Use common sense. Don’t open any emails from unknown addresses or click on attachments you don’t recognize or weren’t expecting.
  • No one will EVER need to know your password. Never give it out.
  • A software company will NEVER call to say your computer has been compromised. That includes Microsoft. Hang up.
  • Never pay a ransom. You will label yourself an easy target and still may not get your data back.
  • Keep your software and hardware up to date.
  • Be careful about using public wifi, even if it has a password. Schalles said that anyone sharing the wifi with you can access material you’re inputting in a practice called “sniffing,” a type of online eavesdropping. Best to do your banking elsewhere.
  • Invest in backup/restore software. Ideally, it should be the type that updates your files automatically in the cloud whenever you make changes. That way, you lose the least amount of work if you have to restore from a backup.
  • Unplug external drives after you do a backup.
  • Make sure any websites you use are secure—look for a lock or similar icon on your browser’s address bar.


Photo by Tom O’Conner