I-TEAM: Don't be held hostage by a cyber hacker

Lake City, Riviera Beach pay thousands in ransoms to get data back

JACKSONVILLE, Fla. – Experts say cyber hacking is worse than ever before, and something we use every single day is the door criminals are using to take over families, businesses and cities.

Using software called ransomware, thieves lock up data through encryption, making important files and functions impossible to access -- and it starts with the click of a button.

“It only takes one person in the company,” said Chris Freedman, co-founder of the cybersecurity firm OnDefend. “Even if you have 1,000 employees, it only takes one to take down an entire organization that easy.”

Cities held hostage by hackers

Ransomware is hitting close to home, recently taking over government computers and servers in Lake City and Riviera Beach, as well as the Georgia Court System.

The hackers usually demand a ransom days later, required to be paid in digital and virtually untraceable currency, like Bitcoin.

Some of the governments whose files were compromised paid hundreds of thousands of dollars to get the information back because it’s cheaper than starting from scratch.

There were 184 million ransomware attacks worldwide in 2018, according to Digital Guardian. The software, sent often by overseas hackers, is taking over computers and helping criminals steal hundreds of thousands of dollars.

“It’s big business. A billion dollar industry,” Freedman said.

Major companies had previously been the biggest targets but there’s a new victim: local governments.

“They’re probably the least funded into security defenses,” Freedman explain. “So that makes them the most vulnerable.”

It cost Atlanta $17 million to recover from a hack last year. Baltimore will have to pay around $18 million to get its data back.

Ransomware locks up communication, bills, personal information and can even shut down a power grid.

And the attacks don’t discriminate. In June, an unknown hacker got into Lake City’s server, likely after sending a phishing email to employees. The likely scenario: someone clicked a link, allowing the software download on their computer and access the entire city’s server. All the city’s files were locked up.

“It brought the city basically to a grinding halt for several days,” said Sgt. Mike Lee with the Lake City Police Department. “We had no telephone lines, our phones were offline, our email system was down.”

The hacker sent Lake City leaders a demand: pay a hefty $460,000 ransom in Bitcoin or the files will be locked forever.

“It is a lot of money and everybody says, 'Well, let's don't pay bribes or last, don't pay thieves,' but you got to do what's best for the citizens,” longtime Mayor Stephen Witt explained.

City council members voted to hand it over. Taxpayers ended up footing $10,000 of the bill. The rest of the payout came from the insurance company, through the Florida League of Cities.

“I listened to the experts and what their advice was and made the decision that was best, not one I've wanted to make with my heart,” Witt said.

WJXT demonstrates how a hack can happen

So how can a criminal take down an entire city in a matter of minutes?

The I-TEAM brought in cyber security experts from OnDefend to try to hack into the system at WJXT, an experiment that was supervised by WJXT's IT Department.

OnDefend security consultant Billy Steeghs sent Vic Micolucci an email that looks like it’s from News4Jax photojournalist Joe Owens.

News staff members send and receive hundreds of emails a day, and at first glance, it seemed no different. But an attachment, which appears to be video from a breaking news story, downloads ransomware onto the computer.

“Now your computer just became unavailable,” said Steeghs, a longtime computer programmer.

Turns out, Steeghs built a spoof email address: jowens@wjxtt.com. Notice the extra “t” after “wjxt.” It’s that easy. The software was able to encrypt or lock up all the files. The laptop was useless with an encryption key, which is what the hackers demand money for.

“If this computer was connected to an open network, these programs populate into really quickly, which means all your computers could’ve been affected,” Steeghs said. “It goes fast and it’s pretty much immediate.”

We asked how long it took to set up this scam and Steeghs responded, "Less than five minutes."

Malware programs target individuals

Other malware programs act a little differently by targeting individual people. They can monitor an internet user’s key strokes and mouse clicks to spy through web cameras and use the victim’s computer to hack into other computers. It essentially creates a web making the source of the original breach even harder to trace.

“They're sending out bots that just blanket the nation and it's a numbers game,” Freedman warned. “Who's going to click and how far can -- how much data can we get?”

OnDefend experts showed a site that looks just like a payroll company’s. Examples include: Paychex, ADP or Workday.

“They ask you to kind of verify your pay stub,” Steeghs said.

Unsuspecting victims will enter their username and password and someone from across the world can redirect their direct deposit paycheck to their account, siphoning out all the future checks until the victim catches on.

Protect yourself from cyber crooks

Experts said as Americans rely more on technology, they need to know the vulnerabilities. The United States is by far the most targeted in cyber attacks, and a single click of the mouse can make an entire city go dark.

"Email is not a very safe way to communicate," Steeghs warned.

Be careful. That’s the final word from cyber experts. No matter if you're running a business or just your household, watch out for every email you get. Even a trusted spam filter, antivirus software or firewall can be compromised.

Those popular antivirus software programs don't always work with these new attacks. Freedman and Steeghs suggest users read every character in every email address. It takes extra time, but it can save users a lot of money and headaches.

Also, if your bank or company asks you to update your information, don't do it through the email. Instead, go directly to their website to access your account.

Finally, experts recommend companies and government agencies consider hiring "ethical hackers," which are legitimate cybersecurity experts who try to hack into servers and look for weaknesses.

While the attacks are most prevalent on computers, experts said smartphones are not completely immune. Hackers are getting better and analysts say that’s the future. 

OnDefend is developing apps and programs to help detect and stop the attacks. They hope to release them soon.

If anyone needs assistance with testing or training to defend against these kinds of attacks, email OnDefend at contact@ondefend.com or call 1-800-214-2107.

More questions answered

Can smartphones get hacked?

Yes. Although apps on mobile phones go through a very rigorous review process, there are cases where malicious apps have made it through the iPhone App and Google Play stores. Something we do see frequently is insecure or malicious Wi-Fi access points that can be used to gain access to your devices and the information you access on the internet.

WATCH: I-TEAM gets answers to your questions about hackers

Is there a software that's best at catching these?

ProofPoint or personal solutions like Cylance can minimize the chances malicious activity and applications are installed through phishing attacks. We always recommend that you have an up-to-date virus scanner on your computer. 

What about online backups?

Using a real online and off-site backup solution such as Carbonite is a good idea. Making a backup on an external hard drive regularly and disconnecting it from the computer is also a very safe and fast way to recover. External hard drives are very affordable, and everyone should use them. 

If you have more questions, email vic@wjxt.com.

About the Authors:

Lifetime Jacksonville resident anchors the 8 and 9 a.m. weekday newscasts and is part of the News4Jax I-Team.