ALBUQUERQUE, N.M. (KRQE) – The victim was astonished. He said, “I was very surprised. I said who would want to attack us?”
‘The Nightmare on Copper Avenue’ occurred shortly before New Year’s in downtown Albuquerque. A sophisticated gang of thieves orchestrated a clandestine break-in that was brazen, malicious, and costly. They didn’t break windows or kick down doors to gain entry. And they weren’t after jewels or valuable art. In fact, the crooks who raided the building weren’t even there. You see, the Copper Avenue break-in was a cyber-attack. International outlaws hacked into a government computer system, hijacked its data, and held it for ransom.
It’s part of the ‘digital pandemic’ that has struck the United States. This year, the damage done by cyber outlaws is estimated to reach $20 billion. In May, gas prices soared after the computer system of a major U.S. energy supplier was hacked. Colonial Pipeline paid the crooks a $4.4 million ransom to retrieve its data. And, beef prices rocketed sky-high after cyber bandits shut down the operation of a major Midwest meat producer. The ransom in this case? $11 million.
These cases you know about, but there’s another cyber-attack you haven’t heard before. The Mid-Region Council of Governments, or MRCOG, is a government agency that operates the Rail Runner and manages federal funds for central New Mexico communities. The Nightmare on Copper Avenue struck MRCOG on December 28th last year.
“My I.T. employee said that there was something that was going against our computer systems,” MRCOG’s Executive Director Dewey Cave says. “They were having a hard time actually getting into the (computer) system and utilizing it. Somebody had gone on the system and was basically taking charge of (it),” Cave said. The Mid-Region Council of Governments was under attack.
Anonymous cybercriminals remotely took control of the agency’s computer system. “What do we have that people would want,” Dewey Cave said. The answer is data. The computer crooks changed passwords, gained access to files stored on servers, and scrambled MRCOG’s computer data, rendering it unusable. Because the Rail Runner is operated on a separate system, the train was not impacted. However, for the most part, MRCOG was shut down.
“They send you a message saying that they are in control of the system and that they are demanding … money to give (MRCOG’s data) back,” Cave says. “In this case, it was like a $250,000 ransom. They wanted Bitcoin, and I have never dealt in Bitcoin before, so I wouldn’t know where to get that. But I felt like it was a lot of money. There’s no way we (could) afford to pay that,” Cave said.
Rather than pay the quarter of a million-dollar ransom, MRCOG hired a private I.T. security team to try and retrieve data and free the computer system held hostage.
“It ended up costing us a considerable amount of money … to recover and to implement systems in the future, but nowhere near what the ransom would have cost us,” Cave says. “By the time we cleaned out all of our systems, all of our computers and reset them … it ended up costing us a little over $100,000.”
So who are these guys? The MRCOG ransomware attack is believed to have originated somewhere in Germany. However, no one has been able to identify the cyber crooks or their location.
“Cyber-crime is far more prevalent than it used to be,” says Joshua Liberman, President of an Albuquerque-based cyber security firm, Net Sciences. “Recently, I read (cyber-crime is) in the top four crime industries in the world. And even just ransomware is now approaching a trillion-dollar status,” Liberman said.
Liberman says, in many cases, it’s quite easy for cybercriminals to break into computer networks. “It’s not brute force. It’s not through the firewall. It’s always in a roundabout manner. It’s by clicking. You’re tricking people into clicking. Once they click and they start a compromise, they open a door into their network unwittingly. There’s no limit to the way we can be tricked,” Liberman says.
In MRCOG’s case, the extortion plot failed. However, damage to the government agency was considerable. Cyber detectives were unable to retrieve MRCOG’s hostage-held data. Taxpayers footed the bill to reconstruct files, clean servers, and install security software to prevent future attacks. MRCOG got off relatively easy. Some victims are not so lucky.
“It can cripple or end a small business. How many people (reading) this right now could pay that $250,000 fee and move forward with their business even if nothing else went wrong,” Net Sciences President Joshua Liberman says.
The Mid-Region Council of Government’s I.T. managers thought the agency computers were secure. December 29th changed all that. “We’ve implemented a system that monitors activity traffic all the time, 24 hours a day, to determine whether or not somebody is trying to penetrate our system. And that’s something that we didn’t have in the past,” Dewey Cave said.
Are most small businesses and government agencies adequately protected from cyber-attacks? “Emphatically no, not at all,” Joshua Liberman says. “Virtually no businesses are adequately protected, and many businesses are not protected at all.”