4 Investigates: Ransomware attacks on the rise in New Mexico
ALBUQUERQUE, N.M. — Cybercriminals have targeted a host of victims throughout New Mexico.
In 2019 hackers targeted Las Cruces Public Schools — crippling the district’s network. In March 2021, a hospital in Gallup was hit by a cyberattack which forced hospital staff to operate on pen and paper in the middle of the pandemic. In May 2021, a cybersecurity attack targeted "Sol Oriens" — an Albuquerque-based company that consults on federal nuclear weapons projects. In each case, few details are known about the extent of the damage and the source of the attack.
However, across the country, high-profile hacking is making headlines. One of the most notable: when hackers paralyzed a gas pipeline on the East Coast and demanded a $5 million ransom.
Ransomware attacks can target anyone anywhere — hijacking entire computer networks and paralyzing them before demanding a ransom. Cybersecurity experts say the problem is only getting worse.
"The degree to which we should be paying attention to this has never been higher… and that goes everywhere from consumers to high-scale businesses," said MK Palmore of the cybersecurity firm Palo Alto Networks. He is also a retired federal agent who previously led the cybersecurity branch for the FBI in San Francisco.
According to a recent report conducted by Palo Alto Networks, the average ransomware payment just five years ago was around $500. That figure has skyrocketed in 2021 to an average ransom payment of $850,000.
"And we’ve seen payments north of $10 million targeting large-scale business entities," added Palmore.
As the threat of ransomware continues to plague nearly every sector of life, some of the most sensitive personal data about New Mexicans sits on state government servers, including data from the MVD to tax and unemployment records.
New Mexico’s Chief Information Security Officer Raja Sambandam heads up a role that until recently didn’t even exist.
4 Investigator Nathan O’Neal: When it comes to state government, what becomes vulnerable in this kind of attack?
Sambandam: "Very good question. Data is the name of the game, especially sensitive data — data that can be monetized — those are the ones that the bad guys are after."
Sambandam said the state’s networks have not been directly targeted by ransomware attacks, but the state routinely scans its system for possible threats.
"We exceed, by far, the best practices to monitor," said Sambandam.
While Sambandam could not disclose specifics about their security systems or protocols, he claims New Mexico ranks in the top 10 percent of states in prevention practices.
"The security protections that I work on is layered. There are multiple layers and then the agencies themselves have their own layer," said Sambandam.
4 Investigator Nathan O’Neal: "Would the state ever entertain the idea of paying out a ransom?"
Sambandam: "I don’t think in principle that is the message that I have received. Very similarly to what the feds are doing — the feds by principle… do not subscribe to paying a ransom."
However, finding the culprits behind cyberattacks can be problematic.
"It can be extremely difficult," said Palmore of Palo Alto Networks. "I happen to be a retired federal law enforcement official. I know that in conducting these investigations they happen to be some of the most challenging types of investigations that can be conducted."
Palmore said one of the biggest hurdles: pinpointing who’s responsible.
"Once you get beyond that, getting folks actually rolled into the justice system can be extremely difficult if there are not pre-existing diplomatic relationships with the countries where most of these individuals are found in," said Palmore.
There are a few things you can do personally to protect yourself and your employer, especially if you’re working from home. The easiest is to beware of suspicious phishing emails or websites. Don’t open unknown links or give your information to unknown sites. Additionally, change your passwords often, make them difficult to crack, and use two-factor authentication when possible.