Cyber and ransomware attacks: A serious threat in Michigan

LANSING, Mich. (WILX) - Businesses and governments are doing more and more of their work online, which makes them more and more vulnerable to ransomware attacks.

Ransomware is a seriously growing threat to the community and it has doubled in the past year. A lot of companies won’t report the attack -- they quietly pay the ransom without making the situation public.

Mid-Michigan has seen that firsthand when hackers accessed files on Lansing’s Board of Water and Light system -- leaving BWL with no choice but to pay up.

There’s been a huge increase in ransomware attacks in the last couple of years. They were up 105% worldwide in 2021 alone. City governments are common targets and Clarkston’s city manager found that out the hard way.

“So in 2019, the city of Clarkston experienced a cyber attack, ransomware to be specific. We came in one morning and all our our files were locked up, files that I had worked on the day before were no longer accessible,” said Jonathan Smith, Clarkston’s City Manager.

IT experts determined the files had been encrypted the night before. What came next was predictable -- the hackers demanded $40,000 for a decryption key. The city manager made the decision to pay the ransom.

“And we got, shortly thereafter, a decryption code that unlocked all of our files. Before we paid, however though, we asked for a test and they gave us a decryption code to one of our files and sure enough it unlocked it,” said Smith.

Ortonville’s Village Manager told me that his community has been lucky so far. But he’s not counting on luck -- he makes sure his team is prepared.

“We work very closely with our IT provider. As a small village, it means our staff is small but we stay trained. So we do regular training and I also get to be our IT support person. So, I work very closely with our vendor,” said Ryan Madis, Ortonville’s City Manager.

He knows governments and municipal utilities, like the Lansing Board of Water and Light, often don’t have a choice. They can’t lose the encrypted files, so they have to pay the ransom.

“But it’s something we know that we mist constantly be worried about -- be constantly vigilant about because bad actors do target local units of government,” said Madis.

It took Clarkston about three days to get all of its files back to normal after paying. To make sure an attack doesn’t happen again, the city manager says they’ve updated their firewall and they’re running daily back-ups of all files.

Tracking down the hackers behind ransomware attacks is often impossible. They’re usually overseas and often run their scams through multiple countries before hitting systems here in the United States.

Read next:

Copyright 2022 WILX. All rights reserved.

Subscribe to our News 10 newsletter and receive the latest local news and weather straight to your email every morning.