WEST LAFAYETTE, Ind. (WLFI) — A Purdue University expert says ransomware attacks worldwide are becoming more widespread to the tune of thousands per day.
The ransomware attack that shut down Colonial Pipeline's network and caused nationwide fuel shortages is similar to an attack last month on Logansport Community School Corporation.
"This is a widespread problem," says Eugene Spafford, a computer science professor at Purdue. "Some sources say that about 4,000 ransomware events per day are occurring."
Spafford says the criminal organizations that carry out these attacks have grown over the past decade.
"As the criminals gained both funds and sophistication, they started going after larger organizations, so now most of the targets are municipal organizations, educational, health."
The hackers often hold an organization's network hostage in exchange for a ransom. Here's what Logansport schools Superintendent Michele Starkey told News 18 last month:
"They encrypt a system and why they ask for money is to give you the decryption tool to decrypt what they've encrypted," she says.
Starkey says the hackers asked for 13 Bitcoin but the corporation didn't pay the ransom. But Colonial Pipeline reportedly paid millions of dollars to its attackers.
In a statement on ransomware guidelines, the FBI says: "Paying a ransom doesn't guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity."
Similar to the Colonial Pipeline situation, police say the Logansport attack likely originated from a foreign country. Starkey doesn't believe any sensitive information was compromised.
"They're located generally in a country where they're not going to be extradited, they're not going to be identified, and they're trying to establish a reputation that you pay them or else," Spafford says.
Spafford says companies should practice what he calls "basic cyber hygiene." That includes protecting separate systems with different passwords and having a backup and recovery plan.