Local

Nation’s cybersecurity agency using alerts to prevent the damage of ransomware attacks

WASHINGTON D.C. — More ransomware attacks are happening nationwide, and every industry is a possible target.

>>> STREAM ACTION NEWS JAX LIVE <<<

From a payroll hack impacting how you get paid to a hospital attack exposing your medical records, the damage left behind by these attacks can impact almost every aspect of our lives.

[DOWNLOAD: Free Action News Jax app for alerts as news breaks]

“A ransomware group stole confidential patient information which included names, social security numbers, and medical information from a health center,” Republican Senator Josh Hawley of Missouri said during a congressional hearing about ransomware attacks in March.

In some cases, the impact can even be deadly.

“The attack prevented healthcare providers from using equipment that monitor a baby’s condition during delivery and as a result the infant tragically passed away,” Senator Gary Peters, (D) Michigan said.

But what if you could prevent some of that damage? That’s the goal of new Pre-Ransomware Notifications. It’s run by the U.S. Cybersecurity and Infrastructure Security Agency or CISA for short.

Read: Aspen Dental falls victim to cyber attack, causing issues with scheduling patients

“Not only can we focus on preventing attacks, we can focus on reducing harm once they occur,” Eric Goldstein, executive assistant director for cybersecurity at CISA said.

Goldstein said some cybersecurity companies will alert CISA when a hacker gains access to a network.

“[Hackers will] use a phishing email that will get them access to one employee’s computer, but the crown jewels of that company might not be on that computer,” he said.

Goldstein explains that hackers will bounce around the compromised system to figure out which records to lock up for a ransom. This process can take hours or even days and that’s the same critical window CISA relies on to step in and help.

“We send our regional personnel on the double to knock on a door and say hey if we take these steps right away, we can get a head of these bad guys before they cause harm, before they cause damage, before the worst-case scenario is realized,” Goldstein said.

Read: Jacksonville Sheriff’s Office experiencing suspicious cyber activity, independent sources say

So far this year, CISA has notified more than 200 organizations nationwide and 40 internationally.

Now the agency is working to scale up the program. But Goldstein said they need companies to report these attacks whenever they happen.

“There is no shame in being targeted. The most important thing is what you do next, which should be reported to the federal government and take steps to respond, recover, and then harden effectively,” Goldstein said.

The agency says you can find more information on ransomware reporting and additional resources to manage ransomware risk at stopransomware.gov.

Goldstein said CISA is also working with companies in another program to help prepare them before something happens in the first place. He explains this program will identify various vulnerabilities that could open a company up to a possible ransomware attack.

[SIGN UP: Action News Jax Daily Headlines Newsletter]

“We’re using our free services to identify these vulnerabilities and then when we see one, then via our nationally aligned teams across the country, we’ll get out there, we’ll knock on a door, we’ll make a phone call,” Goldstein said. “And we’ll say you might not have had an attack yet. But you really need to fix this vulnerability pronto before an attack happens that way, ideally, we’ll reduce the frequency of these attacks over time.”