NEW BRITAIN, CT (WFSB) -- When it comes to ransomware attacks, many cities and towns across the state have been targets.
With those many areas being in the headlines for all the wrong reasons, the I-Team looked into what’s being done to protect data from hackers.
The nerve center for the city of New Britain, a city of 70,000, lives in a small closet inside city hall.
“We do have data information on people, records, our city clerk has birth records and real estate, so it is our duty, and we take it very seriously. It's a very big deal,” said Paul Salina, New Britain’s director of Support Services.
It's not the equipment that keeps Salina up at night, it's the users and their vulnerability to outside attacks.
“We have approximately just under 800 people who have email access in the city, so we want them to be sure they understand about scams and phishing techniques and so forth,” Salina said.
Phishing, or an attempt by a scammer to access a network by getting real credentials through fake emails, is one of the main ways hackers access systems like New Britain’s. Any access is a potential for a ransomware attack.
“We have filters, we have protections that we're constantly updating, that scan all the attachments, and they look for things that are unusual,” Salina said.
As recent headlines have shown, even sophisticated defenses can be vulnerable, and cities and towns across Connecticut have paid the price.
In some cases, they literally paid the price, when hackers take down an entire system and demand a payment or ransom before they'll allow access to the data. It's happening more often and it's becoming increasingly well-timed to exact the biggest pain.
“We've seen basically a doubling or ransomware attacks from 2018 to 2019, and it's continuing to increase and we're seeing the attackers getting smarter in when they launch attacks. For example, we saw 15 attacks against school systems in August and September of this year, designed specifically to either force districts to pay or to delay the start of school,” said Allan Liska, of Recorded Future.
Liska tracks the attacks nationwide, and offered up some examples in Connecticut where attacks against municipalities have occurred in places like Plymouth, Colchester, Portland, Hamden, Middletown, Wallingford, Watertown and Wolcott.
Wolcott is one that drew news coverage after back-to-back attacks on the school district.
Liska said he always advises clients not to pay the ransom, but that's not always cheap either.
In Atlanta, they refused to pay a ransom of $5,200, but ended up spending upwards of $2.8 million rebuilding their network.
That big number shows why protection, like good off-site backups, are so important.
“Security is constantly evolving to protect against the attacks, to the attackers have to evolve to stay one step ahead of the security measures put in place,” Liska said.
In New Britain, they take many of those steps, including several different backups every day, and by what's called segmentation of the network to keep an attacker from being able to shut down the whole city at once by restricting who has access to what.
“There is probably no one inside the building, except the it people, who have access to everything. I don't think even the mayor has access to everything,” Salina said.
The threat keeps evolving and cities and towns must too. It's become so important that later this year the state is organizing a disaster drill, the kind they normally do to prepare for hurricanes or terrorist attacks, that will mock up a widespread cyber-attack to practice a response.