Earlier this year, the Lehigh Valley Health Network was targeted in a ransomware attack by the Russian group BlackCat, which posted photos and documents after the health care provider refused to pay the ransom the hackers demanded.
Just last week, the Wilkes-Barre Career and Technical Center was also hit by a cyber attack, although officials said antivirus and backup procedures "prevented a catastrophe."
Now, local authorities are urging members of the public to be alert to online threats.
"Ransomware is one of the more devastating cyberattacks a person or organization can face," District Attorney Sam Sanguedolce said. "Essentially, it disables the user's ability to access any of his or her contacts, work or other data and information. Fortunately, cyberattacks are rarely directed at average individuals since the attacker's main goal is — just like in any historic ransom case — exchange that which is held hostage for a large sum of money."
Sanguedolce said businesses and government entities, rather than individuals, are generally the targets of cyberattacks, most of which originate from countries including Russia, Ukraine and China.
As soon as a cyber attack is discovered, it is imperative to contact internet security experts as well as local law enforcement, he said.
"Although your local police oftentimes do not have the resources to counter a cyberattack, they will best know in which direction to take the information," Sanguedolce said. "We most often will work with the State Police Computer Crimes Unit and bring in appropriate federal agencies."
Because such investigations are extremely difficult and time consuming, Sanguedolce stressed the importance of preventing ransomware attacks in the first place.
"Ransomware typically infects a user's device because you invited it into your computer or system," Sanguedolce said. "It is disguised an otherwise friendly link or attachment selling something, asking for information, or warning you something went wrong."
He warned users to ensure their antivirus protections are up to date, and to be "extremely wary" opening any file the user did not request. Users should not trust emails just because they contain an official company logo, and should always check the actual email address where the message originated.
According to the Cybersecurity and Infrastructure Security Agency, ransomware is typically delivered through phishing emails, which appear to have been sent from a legitimate user and are designed to trick the victim into opening a malicious link or file.
In order to prevent a ransomware attack, users are urged to be careful when opening links and files delivered by email, even if it appears to have come from a known sender. This is particularly true when the attached file is a compressed, or ZIP, file.
The agency recommends users verify suspicious emails by directly contacting the sender — not by replying to the email.
People should also ensure their computer software is up to date and that their data is backed up frequently. That way, if the computer gets infected the victim will be able to restore the system to its previous state using the backups.
"If you were to suffer an attack and a hacker entered and shut down your system, you would still have all of your data to which the hacker could not block your access or infect," Sanguedolce said. "It is important that the data be regularly updated and kept off line and separate from the parent device."
© 2023 The Citizens' Voice (Wilkes-Barre, Pa.). Distributed by Tribune Content Agency, LLC.