
How safe from a ransomware attack are Minnesota's government computers?

WannaCry ransomware has been detected across more than 200,000 computers in 100-plus countries. So how protected is Minnesota?

There are about 45,000 computers and servers, countless emails, numerous websites, and personal records of 5.5 million Minnesotans that are all under the watch of MNIT.

MNIT is Minnesota's Information Technology agency, in charge of everything tech-related for the state's executive branch, and also does work for more than 70 government agencies and boards.

So if, say, a ransomware attack was crippling thousands of computers in countries across the globe, the defenses MNIT put up are what would keep the malware out of the state's computers.

"We have absolutely seen it knocking on our door right from the get-go," Andrew Call told GoMN.

Call is the director of information security with MNIT, and was talking specifically about the WannaCry ransomware (aka WanaCrypt0r) attack. Workers who started seeing it ramp up Friday morning began the analysis: What is it? How is it coming in? Are the state's computers exposed? How is it spreading?

"We were fortunate to have had some proactive boundary protection rules put in place, and a fairly close to complete patching in place," Call explained.

So while WannaCry may have been "knocking on our door" in Minnesota, it was kept outside. At least for now.

How vulnerable is Minnesota?

These thousands of computers (which include laptops and desktop PCs) are spread across offices and run the gamut of operating systems, including Unix, Linux and OSX. But the majority, Call said, use some version of Windows.

Windows of course is the operating system the WannaCry ransomware targeted. It took advantage of a security flaw, leaked by a group of hackers earlier this spring, to worm its way into the computer, encrypt all the important files, then hold them hostage until getting a bitcoin payment.

Microsoft issued a patch for supported Windows systems, fixing that flaw back in March. But anyone who didn't download and install that security update – or is still using an old, unsupported version of Windows – was left vulnerable.

At MNIT, most of the PCs they oversee are using a supported version, meaning they would have been patched – Call said that's something they check regularly, usually once a week.

There are a few clusters of computers under MNIT's watch that are running older Windows versions, however. For example, Call said there's some lab equipment that runs on embedded Windows XP. And some decades-old programs won't work on newer machines.

For those vulnerable computers, Call said the "layers" of defense they implement have kept this ransomware at bay. So far so good it seems, even as the WannaCry ransomware spreads.

"Right now we are not aware of any successful impact," Call said.

They want more money for upgrades

This high-profile ransomware attack comes at a time MNIT is fighting for more funding.

The agency already fends off three million malicious attacks every single day, spokesperson Cambray Crozier said. They asked lawmakers for more money – just over $22 million in 2018, with about $4.8 million each year after that – to make proactive upgrades.

For example, MNIT has 27 data centers around the state, Legislative Director Jon Eichten told GoMN. He said it's "impossible to secure" all of those from attacks with the current funding levels. So $14 million would go toward consolidating the servers, reducing the number of scattered targets.

Another goal: Get MNIT staffers working 24/7.

"The way the internet works is these attacks don’t just come in during business hours … they come in all the time," Call said. "We’re unable to react. We don’t have our eye on the ball at night."

As Jenna Covey, MNIT's chief digital officer, put it on Twitter:

But will they get it?

The budget bill that was finalized and passed by the House and Senate contained $0 in new direct funding for cybersecurity. Instead MNIT would get about $2.2 million each year, the same as 2016-17.

The agency also brings in money through chargebacks – they do IT work for other agencies, and those agencies pay MNIT for the services. But it's hard to take dramatic, proactive security steps under that decentralized model, Crozier argues.

That budget bill was vetoed by Gov. Mark Dayton, who cited the lack of additional funding as a reason. So will a new, renegotiated bill bring in more money?

Rep. Sarah Anderson, who helped finalize the vetoed budget bill, told GoMN the bill directs MNIT to fully consolidate state agencies – a process that started back in 2011 but hasn't been completed, she said. That lack of progress "impedes our ability to effectively protect against attacks," she said.

And Sen. Mary Kiffmeyer, who played a similar role on the Senate side, told GoMN via email the offer they're working on now will "likely" see more cybersecurity funding. But she's looking for more future-oriented plans from the governor than she said she's gotten so far.

"Hacking is not new. We had 'paper hacking' in the past. Always attractive to those with bad intents," she added.
