Cyber experts weigh in after Georgetown County ransomware attack

screen shot of Prof. Cory Nance from Live 5 report

As seen on WCSC-TV Live 5
By Carter Coyle

Watch the video version of this report on here.

CHARLESTON, S.C. (WCSC) – The last year many have learned how to increase personal hygiene through proper hand washing, wearing masks and using hand sanitizer. Just like that physical protection, security experts say we must be diligent about “cyber hygiene.”

It’s estimated that globally there’s one ransomware attack on a business every 11 seconds,” Cyber Security Professor Dr. Cory Nance said. “Most of them are cyber criminals- financially motivated.”

Dr. Nance works at The Citadel training the next generation of “cyber soldiers” who will fight against hackers, he said. The Citadel has several educational paths for cadets wanting to specialize in computer sciences. Dr. Nance said the industry has negative unemployment rate as the need for cyber experts increases.

He said the bad actors are constantly developing new malware including ransomware to attack individuals, businesses and governments in a form of digital warfare.

Cybersecurity Ventures estimates that “global ransomware damage costs will reach $20 billion by 2021.”

“This is a tough problem and certainly not going away anytime soon. The attacks are just becoming more and more sophisticated with more psychological pressure being put on these organizations to want to pay that ransom,” Dr. Nance said.

That’s exactly what happened seven weeks ago in Georgetown County.

Public Information Officer Jackie Broach said that just like hurricane or tornado, a cyber disaster hit the county on January 22 in the form of a ransomware attack.

“It really shut everything down from Wi-Fi to email,” Broach said. “We couldn’t access files on our network. It really did just bring us to a grinding halt. The only thing that still worked was our phones cell phones and desk phones.”

Ransomware basically locks up and encrypts a computer system and files, and then hackers demand money for the decryption key.

The Georgetown County attack is still under investigation so Broach said she couldn’t divulge the amount of the ransom.

“But it was a large amount in cryptocurrency, which I think is standard,” she said.

Instead of paying the ransom, the county’s IT department has been rebuilding, upgrading and fixing every computer and at least 50 servers.

“The county’s IT Department has done what normally would take six or seven months of work in the last five weeks,” Broach explained. “They are just trying to work around the clock as quickly as possible to get things back up and running and basically rebuilt from scratch.”

Thankfully, Broach said, Georgetown County does have cyber insurance.

The more than $250,000 dollars in expenses because of the attack will only cost them a $10,000 deductible.

She said citizen information was not exposed or accessed, and that “files are still there, files are still fine,” they just couldn’t open them because of the ransomware.

Even if they’d wanted to pay the ransom to speed things along, Broach said there’s no guarantee the hackers would have followed through with their end of the bargain.

“In a perfect world, no one would pay the ransom,” Bruce Smalley said.

Smalley is the Chief Information and Risk Officer with the State Law Enforcement Division. Whether to pay up depends on the entity’s resources and backup options, he explained.

“Without backup capabilities, many organizations unfortunately are left with no choice but to pay the ransom.” And such a cycle only encourages the lucrative attacks to continue.

Smalley and his team at SLED are working to make sure hackers don’t make it that far. He leads the Critical Infrastructure Cybersecurity Program, a taskforce of cybersecurity experts in South Carolina.

“You may not think of South Carolina as a cyber security hub,” he said. But Smalley said their program has been touted as one of the best in the country. “The reality is most states do not have a program that can match the capabilities of South Carolina. In fact, the national Governor’s Association said South Carolina has the most comprehensive and innovative Critical Infrastructure Cybersecurity in the country.”

One goal of SC CIC is to train state agencies and governments to prevent cyber-attacks. They also act on intel and leads to stop them ahead of time.

SC CIC will also investigate when malware attacks do get through, like in Georgetown County. Broach said SLED is investigating in that case to help them find out more about the hackers and origin of the attack.

“It really just boils down to protecting the citizens of South Carolina,” Smalley said, adding that SC CIC operates on an $800,000 annual budget.

“We were able to save the taxpayers of South Carolina close to $15 million in cyber and cyber-related expenses…That’s a pretty great return on investment,” Smalley said.

The City of Charleston recently signed on to that free partnership with SC CIC.

He said the city’s layers of security have thwarted many attempted attacks. “They do happen constantly all day. Emails are trying to come in. Our system filters emails before they even come in. They may be laced with malware or ransomware.”

Ratterree said with SLED’s help, the city recently sent a test email to employees trying to collect information like a hacker would to gauge where security weaknesses are. His team also reached out to Georgetown County after their hacking incident.

“It’s a learning tool at their expense unfortunately. But we always investigate those scenarios, especially if they’re close to home,” Ratterree said.

We asked dozens of local municipalities if they’ve ever had attempted or successful cyber-attacks. While they were hesitant to release details for security reasons, some cities and counties told us they have multiple layers of cyber security. Others have cyber insurance to protect them in case of an incident.

Ratterree said a system is most vulnerable with its end users, the every day employees in the system who just checking their emails and doing their jobs, not necessarily thinking about cyber security attacks day to day.

That seems to be the case in Georgetown County, Broach said. “I think it’s fair to say it’s nobody’s fault. It came in via an email to a staff member like a phishing email. It was not one of those “crown prince so and so.” It was very sophisticated.”

Cyber-attacks do not just put a citizen’s personal or financial information at stake. They could also have life or death consequences if successful.

A hacker got into a Florida city’s water treatment system earlier this month and tried to poison the water supply with lye.

A future hack into our power grid could be devastating, Dr. Nance said.

“As we’ve seen recently in Texas – even though that wasn’t an attack – you see what happens when the power goes out. And if a bad actor can make the power go out like that in the winter, that can have huge ramifications for the people.”

Georgetown County Human Resources Director Walt Ackerman answered questions from Georgetown County’s Council during last week’s meeting.

“Insurance will get us back to where we were, but now we are a target. We’ve had several attempts at breaches since we were attacked, so if we don’t put additional protections in place, we’re just going to be in the same boat again,” he said.

The Council approved $140,000 to implement equipment upgrades now that they had planned for the next couple of years. The experts we talked to say more communities should consider such cyber investments now to prevent disasters in the future.