VERNON TOWNSHIP — Smart data backups stopped a bad situation from becoming worse – and prevented the loss of taxpayer dollars to criminals – in Clinton County’s Vernon Township.
Vernon Township Fiscal Officer Tammy May was expecting an email when she received a fraudulent email claiming to be from a shipping company about a failed shipment.
“It was very realistic,” May said. “If you opened it, it was OK, but there was an attachment about a delivery or shipment that they couldn’t make.”
She opened that attachment and was hit with a “ransomware” attack. The data on her computer – including payroll, vendor payments, township minutes and agendas – was being held hostage for a few hundred dollars.
May said she was also concerned that paying the ransom might not solve the issue. How could she be assured the virus wouldn’t strike again?
However, May had set her accounting software to back up as often as possible, and she typically backed it up after her work was done. With help from the Auditor of State’s Uniform Accounting Network’s tax support department, the township and its taxpayers did not have to pay the ransom, and they restored and re-imaged the computer, essentially removing and reinstalling everything.
Now, May says she opens emails more cautiously, and she encourages others “to use extreme caution even when you are expecting something.”
She told the News Journal Thursday that she hasn’t had any issues since that April incident, and she continues to back up her data.
“Even more than before,” she said.
Other governments haven’t been as lucky. Of all the examples of recent cybercrimes Auditor of State Dave Yost was warning governments about, Vernon Township is the only one that didn’t lose money.
Thursday, Yost warned fiscal officers, treasurers and others who handle public money about cybercrimes targeting government entities.
“We’ve all seen and heard about the criminals who try to steal our personal funds. These scammers would like nothing more than to get their sticky fingers on our tax dollars, too,” Auditor Yost said. “We need to be vigilant because they are becoming increasingly sophisticated in how they attempt to steal money through the internet.”
Yost discussed several cybercrimes committed against local governments and school districts in recent months. He also explained methods used by perpetrators and provided guidance on how governments can avoid falling victim to the attacks.
Some of those attacks are tried-and-true email scams. Others are newer, such as the ransomware attack in Vernon Township. Ransomware, Yost said, encrypts your hard drive so you can no longer get your data. Then it threatens to ransom it to you or eliminate the data.
Peru Township in Morrow County paid a $200 ransom, Yost said, and an Eastern Ohio county will probably end up paying a ransom in Bitcoin, a digital currency. Yost wouldn’t reveal the name of that county since the matter is currently under investigation.
“If you keep all your files on a hard drive, you can’t possibly lose your data,” Yost said. “It would be catastrophic.”
Phishing emails — fraudulent, virus-ridden emails that ask you to download software, open an attachment or visit a link — still occur, Yost said. There’s a new trend of “spear-phishing.” Those same emails are often sent to specific people and with more sophistication.
For instance, at Big Walnut Local School District in Delaware County, an employee in the treasurer’s office received an email apparently from her boss asking her to wire $38,520. After several emails, she wired the money.
An employee in the Madison County Agricultural Society fell for a more typical scam – the clerk got a fraudulent phone call from someone pretending to be an agent of the IRS demanding payment of $60,000 in back taxes.
“The internet is the tool of choice for criminals, and we need to make it as difficult as possible for thieves to access community treasure chests,” Yost said.
Yost also provided tips to governments to prevent cybercrimes.
“When it comes to email, you need to verify then trust,” Yost said. “If you have to do something in response by email, call and check” to ensure its legitimacy.
He also called on local governments to:
• Review how their contact information is publicly displayed and consider removing email addresses to reduce the number of targets available to scammers.
• Create established procedures for regular updates of anti-malware software and backing up of data.
• Establish defined protocols for anyone disbursing public funds, especially when the requested transfer is initiated by email.
Yost said his office wasn’t issuing findings for recovery of any scams paid, but said future auditors may choose to.
“As awareness builds, I would not be surprised if some future auditor might see it like interest on a credit card” that government should never be paying it, Yost said. “Where there’s no other option (but to pay a ransom) it’s appropriate.”
Yost said sophisticated attacks can affect anyone and shared that he tested his own employees — 19 of 100 of Yost’s employees opened a phishing email sent by one of his staff.
“This isn’t a matter of competence,” Yost said. “This is a matter of a widespread sophisticated attack. … Be aware that it’s out there and you are vulnerable.”
Reach Nathan Kraatz at 937-382-2574, ext. 2510 or on Twitter @NathanKraatz.