After a specific type of hacking known as a 'ransomware attack' disabled the municipal computer networks of 23 mainly small Texas communities, Dr. Greg White, who heads the Department of Infrastructure Assurance and Security at UTSA, has one thought about the incident.
"Communities in the United States are not prepared for this sort of thing," he told News Radio 1200 WOAI. "Most communities across the country are simply not prepared."
A ransomware attack is one where a hacker gains entrance to a computer, usually through a user on the network who clicks on a corrupted attachment to an e-mail, and inserts a program into the network which encrypts all of the files. The hacker then demands a 'ransom,' frequently payable in bitcoin or other crypto currency and often reaching into the five or six figures, for the hacker to dis-encrypt the files and make the network usable again.
Dr. White says ransomware attacks on local governments are becoming more frequent for one reason.
"Because they work."
He says many small and mid sized communities don't have IT professionals on staff to guard against cyber attacks, and many don't take the simplest precautions.
"What I tell my students at UTSA is that the three most important parts of computer security are backup, backup, and backup."
He says simply copying the critical files onto a computer which is not connected to the network will save the commuity from having to pay the ransom. The attack renders the computers unable to perform the functions of the city, from collecting water bill payments to scheduling employees, and he says the hackers know that they will pay up because these functions can't be disrupted.
So far there is no indication of who pulled off the cyber attack. Dr. White says it could come from the U.S. or overseas, and he expects more to come.
"You don't click on something," he says of the best way to avoid being hit by hackers. "Don't click on anything on your computer, don't click on it, don't open it."
He says right now there is no technology available to dis-encrypt files which have been encrypted by ransomware hackers.