Ransomware: How to Protect Yourself and Your Family

Earlier this month I brought my House Subcommittee on Intelligence and Counterterrorism, which I chair, to Michigan for a field hearing focused on how local officials, school administrators, business owners, and families can protect themselves against cyber attacks. I wanted to do this because since my very first day in office, local leaders have been telling me stories about how their offices have been hit by ransomware attacks.

In layman’s terms, ransomware is malicious software designed to deny a user or organization access to files on their computer. By encrypting these files and demanding payment to “unlock” the system, cyberattackers place organizations in a position where paying the ransom is the easiest and cheapest way to regain access to their files. And these attacks have become extremely frequent.

There’s the township supervisor who told me his network was hacked three times in one year. And the local power company that paid $25,000 in ransom to the cybercriminals who locked their internal communication system, along with another $2.4 million responding to the attack. Or the room full of superintendents who ALL raised their hands when I asked whose school data had been hacked. And did you know that hackers target the state of Michigan’s servers more than 90 million times a day?

Those are just some of the issues we highlighted in the field hearing, which featured testimony from the Michigan State Police, the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Department of Homeland Security (DHS).

But as new as those threats are, there are resources and experts that can help. If you are a local leader of a town, school, church, community group, or other organization and you find yourself locked out of your files or computer systems, here’s what you should do: 

• You should call the Michigan Cyber Command Center at 1-877-MI-CYBER. This is your “hotline” to report a cybercrime and discuss with Michigan State Police the ways that they can help make your organization more secure.
• You can also contact the Cybersecurity and Infrastructure Security Agency (CISA) at  www.cisa.gov. Here you can learn how to improve cybersecurity, details about the various resources that CISA offers and the ability to report incidents directly to CISA or get into contact with CISA.
• Because these attacks can cause lasting damage to your organization and potentially jeopardize private, financial, or other sensitive data, it’s so important to take steps to report them when they happen.
• The state and federal government both have trained experts in responding to cyber crime, so they are in the best possible position to help investigate the incident, mitigate its consequences, and help prevent future incidents.

But I don’t want you to wait until an attacker strikes to start taking action. There are steps you can take right now to protect yourself and you/your organization’s data:

• Ransomware attackers sometimes find an entry point within software by exploiting any vulnerabilities. So make sure you’re backing up all your data and that all your software is up-to-date.
• Most ransomware attacks are the by-product of bad habits or pure ignorance. Someone may voluntarily give out their password or download an unfamiliar file. Step up your employee/volunteer training so that the chances of this happening are much lower.
• The Michigan Cyber Command Center (MC3) offers resources to check and enhance your cybersecurity regime. Take some time to browse through the resources and vetted vendors you’ll find there.
• CISA also offers several free scanning and testing services to help organizations assess, identify and reduce their exposure to threats, including ransomware.
• Here’s something simple everyone can do- experts say enabling multi factor authorization can make an organization 99% less likely to fall victim to a ransomware attack. You can learn more here: https://www.cisa.gov/mfa
• And an important reminder: NEVER click on a link or open an attachment from an unknown source! If it looks suspicious…it probably is.

Here’s the bottom line: whether you’re in charge of a multi-million dollar organization or just checking your personal email, it’s time to step up your “cyber hygiene” routine. Cybercrime is modern warfare, and because of our reliance on the Internet, we’re all on the frontlines of this fight. So let’s arm ourselves with information and stay vigilant!

– Rep. Elissa Slotkin