Ransomware law prevents North Carolina government agencies from paying hackers

WILMINGTON, NC (WECT) – Ransomware is a type of cyberattack that can cripple industries, utilities, and even government agencies’ ability to access all of their digital networks. Hackers gain access to a network in several ways, encrypt an entity’s files and demand a ransom before providing the encryption key. In North Carolina, attacks on government entities have become a more common threat, but now, due to a new law, government agencies will no longer be able to pay these ransoms.

According to a report from the North Carolina Department of Information Technology, evidence of attacks is becoming more common.

“No state agency or local government entity shall submit payment or otherwise communicate with any entity that has engaged in a cybersecurity incident on a computer system by encrypting data and then subsequently offering to decrypt such data in exchange for a ransom”, the law reads.

That means recovering data isn’t as simple as paying hackers for that encryption key, and in North Carolina, attacks aren’t uncommon.

“From 2016 to 2019, local governments, community colleges, and public school systems in North Carolina reported 17 ransomware attacks of varying degrees to the North Carolina Department of Information Technology. In 2020 alone, the NCDIT received the same number of reports. Of the 34 attacks since 2016, city or county government entities reported 31,” according to the NCDIT report.

For a local lawmaker, banning payment to criminals might be a stumbling block for those under attack, but it’s a place to start fighting back.

“As frustrating as it is to see hackers interfere with systems or data, the only way to stop or reduce such an event is to not reward the wrongdoers. The hope is that by removing the profit motive for such criminal behavior, we can prevent it from happening. I hope all municipalities will take care to create redundancies and install state-of-the-art firewalls to protect their vital data. said Representative Deb Butler.

In New Hanover County, there were at least 6 ransomware attacks on government networks in 2017.

The Colonial Pipeline attack in 2021 showed how vulnerable systems are and how critical infrastructure can be brought to its knees with the click of an employee.

Matthew Coleman is the chief marketing officer of Atlantic Computer Services, a Wilmington-based company that provides IT services, including helping to protect businesses from cyberattacks. He says most people have the wrong idea about hackers and how these nefarious actors get into a system or network. It often comes down to human error or a lack of knowledge and education about preventing malware in a system.

“One of the main ways that ransomware attacks enter a business is almost always through email. So phishing attempts, spam, emails, things that come out like that, the stereotype of attackers hooded sitting on his computer desk, and the dark basement… that’s a misnomer. It’s more about bots and automation, email campaigns coming out and basically looking like someone who walks around a neighborhood and just checks the doors of houses until he finds one open,” Coleman said.

Paying a ransom is often an easy way for companies or governments to recover their data, but it’s not recommended.

“The FBI does not support paying a ransom in response to a ransomware attack. Paying a ransom does not guarantee that you or your organization will recover any data. It also encourages perpetrators to target more victims and incentivizes others to engage in this type of illegal activity,” according to the FBI.

Copyright 2022 WECT. All rights reserved.

Ashley C. Reynolds