four Investigations: Ransomware Assaults Rise in New Mexico
“The level to which we should be careful has never been so high … and it is everywhere from consumers to large corporations,” said MK Palmore of cybersecurity firm Palo Alto Network. He is also a retired federal agent who previously ran the FBI’s cybersecurity division in San Francisco.
According to a recent report by Palo Alto Networks, the average ransomware payment was around $ 500 just five years ago. That number skyrocketed to an average ransom payment of $ 850,000 in 2021.
“And we’ve seen payments over $ 10 million targeting large corporations,” added Palmore.
As the ransomware threat continues to plague almost every area of life, some of the most sensitive personal data about New Mexicans resides on state government servers, including data from the MVD on tax and unemployment records.
New Mexico Chief Information Security Officer Raja Sambandam holds a position that until recently did not even exist.
4 Investigator Nathan O’Neal: When it comes to the state government, what becomes vulnerable in this type of attack?
Sambandam: “Very good question. Data is the name of the game, especially sensitive data – data that can be monetized – this is what the bad guys are after.”
Sambandam said the state’s networks have not been directly targeted by ransomware attacks, but the state routinely scans its system for possible threats.
“We are far exceeding monitoring best practices,” said Sambandam.
While Sambandam was unable to reveal details about their security systems or protocols, he claims that New Mexico ranks in the top 10 percent of the state for prevention practices.
“The security protection I’m working on is multi-layered. There are several levels and then the authorities themselves have their own level, ”said Sambandam.
4 Investigator Nathan O’Neal: “Would the state ever think of paying a ransom?”
Sambandam: “I don’t think that’s basically the message I got. Much like what the Feds do – the Feds on principle … don’t subscribe to ransom.”
However, finding the culprits behind cyberattacks can be problematic.
“It can be extremely difficult,” said Palmore of Palo Alto Networks. “I happen to be a retired federal police officer. I know that conducting this investigation is one of the most difficult types of investigation that can be conducted.”
Palmore said one of the biggest hurdles was locating those responsible.
“Once you get beyond that, it can be extremely difficult to actually get people involved in the justice system if you don’t have diplomatic ties with the countries where most of those people are,” Palmore said.
There are a few things you can personally do to protect yourself and your employer … especially if you work from home. The easiest thing to do is to be wary of suspicious phishing emails or websites. Do not open unknown links or give your information to unknown websites. Also – change your passwords frequently and make it difficult to crack your passwords and use two-factor authentication whenever possible.
You can find more tips here.