How safe from a ransomware attack are Minnesota's government computers?

WannaCry ransomware has been detected across more than 200,000 computers in 100-plus countries. So how protected is Minnesota?

There are about 45,000 computers and servers, countless emails, numerous websites, and personal records of 5.5 million Minnesotans that are all under the watch of MNIT.

MNIT is Minnesota's Information Technology agency, in charge of everything tech-related for the state's executive branch, and also does work for more than 70 government agencies and boards.

So if, say, a ransomware attack was crippling thousands of computers in countries across the globe, the defenses MNIT put up are what would keep the malware out of the state's computers.

"We have absolutely seen it knocking on our door right from the get-go," Andrew Call told GoMN.

Call is the director of information security with MNIT, and was talking specifically about the WannaCry ransomware (aka WanaCrypt0r) attack. Workers who started seeing it ramp up Friday morning began the analysis: What is it? How is it coming in? Are the state's computers exposed? How is it spreading?

"We were fortunate to have had some proactive boundary protection rules put in place, and a fairly close to complete patching in place," Call explained.

So while WannaCry may have been "knocking on our door" in Minnesota, it was kept outside. At least for now.

How vulnerable is Minnesota?

These thousands of computers (which include laptops and desktop PCs) are spread across offices and run the gamut of operating systems, including Unix, Linux and OSX. But the majority, Call said, use some version of Windows.

Windows of course is the operating system the WannaCry ransomware targeted. It took advantage of a security flaw, leaked by a group of hackers earlier this spring, to worm its way into the computer, encrypt all the important files, then hold them hostage until getting a bitcoin payment.

Microsoft issued a patch for supported Windows systems back in March, fixing that flaw. But anyone who didn't download and install that security update – or is still using an old, unsupported version of Windows – was left vulnerable.

At MNIT, most of the PCs they oversee are using a supported version, meaning they would have been patched – Call said that's something they check regularly, usually once a week.

There are a few clusters of computers under MNIT's watch that are running older Windows versions, however. For example, Call said there's some lab equipment that runs on embedded Windows XP. And some decades-old programs won't work on newer machines.

For those vulnerable computers, Call said the "layers" of defense they implement have kept this ransomware at bay. So far so good it seems, even as the WannaCry ransomware spreads.

"Right now we are not aware of any successful impact," Call said.

They want more money for upgrades

This high-profile ransomware attack comes at a time MNIT is fighting for more funding.

The agency already fends off three million malicious attacks every single day, spokesperson Cambray Crozier said. They asked lawmakers for more money – just over $22 million in 2018, with about $4.8 million each year after that – to make proactive upgrades.

For example, MNIT has 27 data centers around the state, Legislative Director Jon Eichten told GoMN. He said it's "impossible to secure" all of those from attacks with the current funding levels. So $14 million would go toward consolidating the servers, reducing the number of scattered targets.

Another goal: Get MNIT staffers working 24/7.

"The way the internet works is these attacks don’t just come in during business hours … they come in all the time," Call said. "We’re unable to react. We don’t have our eye on the ball at night."

As Jenna Covey, MNIT's chief digital officer, put it on Twitter:

But will they get it?

The budget bill that was finalized and passed by the House and Senate contained $0 in new direct funding for cybersecurity. Instead MNIT would get about $2.2 million each year, the same as 2016-17.

The agency also brings in money through chargebacks – they do IT work for other agencies, and those agencies pay MNIT for the services. But it's hard to take dramatic, proactive security steps under that decentralized model, Crozier argues.

That budget bill was vetoed by Gov. Mark Dayton, who cited the lack of additional funding as a reason. So will a new, renegotiated bill bring in more money?

Rep. Sarah Anderson, who helped finalize the vetoed budget bill, told GoMN the bill directs MNIT to fully consolidate state agencies – a process that started back in 2011 but hasn't been completed, she said. That lack of progress "impedes our ability to effectively protect against attacks," she said.

And Sen. Mary Kiffmeyer, who played a similar role on the Senate side, told GoMN via email the offer they're working on now will "likely" see more cybersecurity funding. But she's looking for more future-oriented plans from the governor than she said she's gotten so far.

"Hacking is not new. We had 'paper hacking' in the past. Always attractive to those with bad intents," she added.
