The ransomware cyberattack that froze the Pennsylvania Senate Democrats out of their emails, internal documents, and other computer files has rolled into another day.
And while the caucus has said it will not pay up, getting its members' data back may not be easy.
On Friday, the technology staff received an alert that the network had been breached and found ransomware blocked access to the computer system. Currently Microsoft, the FBI, and the state Attorney General are investigating.
Democratic Leader Jay Costa (D., Allegheny) has said they will not give in to the demands.
Henry Carter, an assistant professor in the Department of Computing Sciences at Villanova University, said there is plenty of ransom software available on the internet to download and modify if you know where to look.
"These days it could be anyone," Carter said. "It is not a difficult attack to pull off."
The ransomers could be one person in a basement, a criminal organization in another country, or a larger intelligence group, he said. But because of their high profile, the Democrats were a potential target.
The ransomware may have simply gained entry through an email attachment or as a user was browsing a website. Once it is installed, a decryption key – a long, unguessable string of digits or bits – is needed to break the code, said Carter.
"In many cases, the only way to get the data back, if the ransomware writers did it correctly, is to pay up," he said.
While at the University of Florida, Carter was involved in early research into software that acts as an early-warning system and will notify users of suspicious activity. His former colleagues plan to begin a startup business using CryptoLock, the software developed to detect modifications that ransomware would make and then halt the process before too many files are impacted, he said.
Detecting who pulled off the attack is next to impossible, he said. Having government and law enforcement involved in the investigation improves the chances, he said.
"They have more advanced resources and forensic tools that allow them to track down artifacts the typical user might not be able to find," he said.
The best way to avoid a total loss is to back up information, Carter said.
Ransomware hackers are holding Pennsylvania state senate Democrats cyber hostage https://t.co/lY1Dkg19LT
— NBC Investigations (@NBCInvestigates) March 3, 2017
Costa has said that most of that information is backed up nightly, and Democrats should eventually have access to material from as recently as Thursday. But that would depend on whether the backed-up files also have been affected, the Associated Press reported.
Sen. Daylin Leach (D., Montgomery) told the wire service the hackers gave a one-week deadline to pay the ransom. His office has lost access to all of the paperwork on file for constituent requests and the state grants he was trying to get for his district.
"In the short-term, we can sort of make do," Leach said. "There are some problems long-term."