COS computers hacked-not an attack
August 23, 2019
According to a newsletter sent to all COS members via email, Congregation Ohev Shalom experienced a ransomware attack on its main server on Monday, Aug. 5. Ohev administration contacted the Maitland Police Department, the Department of Homeland Security and the FBI.
Taking the lead in the investigation, the FBI does not believe the synagogue was targeted by an anti-Semitic group.
“Nothing was ‘taken’ or ‘captured,’” clarified Steven Hornik, Ohev president. Certain data and files on the main server were encrypted and aren’t accessible. The criminals who hacked in want money to “fix” the problem. However, Hornik stated Ohev has chosen not to pay. The FBI is keeping watch on this specific ransomware with hopes that sometime down the road a solution will be found to un-encrypt the data.
The staff’s computers are the only ones affected—losing word documents, excel and spreadsheets. For example, the COS back-to-school articles Amy Geboff, COS director of Youth and Family Education, sent Heritage are now encrypted on her computer. She’s been there over 20 years—that’s a lot of documents.
“Inconvenient” was the word Hornik used describing the effect the hack has had on the staff, while also saying that “inconvenient” really isn’t a strong enough word.
The newsletter further stated that there is no indication that confidential synagogue information, including personally identifiable information of members and staff and financial information was encrypted or compromised.
According to Hornik, who teaches a cyber security course at UCF, maleware is commonly sent through a phishing email. It can look like it is coming from someone familiar to the recipient.
Ohev investigated how the ransomware reached their systems. “In all likelihood, someone clicked on a link,” Hornik said, that allowed the maleware to start encrypting. Ohev is working with its IT company to conduct computer security training for all office personnel, and working with DHS and the FBI on ways to enhance the security of the systems.
Ransomware can happen to anyone, Hornik said. The best prevention is to not be caught off guard. Be skeptical when opening an email. Ask yourself, “Am I expecting this?” If it is from someone you know, but out of the ordinary, call that person and ask if they sent this email.
Adding filters also helps to block unwanted emails.
And most important: Have back ups. Have several back ups on the cloud and external hard drives.
“I tell my students to buy an external hard drive to back up all their programs. It doesn’t cost much and it can be restored,” said Hornik.