Delaware Guidance Services for Children and Youth target of ‘ransomware’ attack

Jill Rogers

DOVER — Delaware Guidance Services for Children and Youth Inc. — the largest not-for-profit provider of psychiatric services for children and their families in the state — was the target of a “malware-ransomware” attack on Christmas day last year.

Although declining to get into specifics of the attack, the agency noted in a letter sent to its clients that the attack targeted data servers and “encrypted records so that they could not be opened.” To get the records released, DGS was required to pay a “ransom” to obtain a “de-encryption key” that unlocked the records.

DGS declined to detail the sum paid to the ransomers, but did note that “law enforcement authorities” were notified of the incident.

DGS serves “approximately 10,000 children and their families annually,” has a staff of about 200, a budget of $12 million and five locations statewide.

The agency’s clients were made aware of the attack in a letter sent on Feb. 26. It noted that although clients’ personal information such as name, address, birth date, Social Security number and medical information were stored on the affected data servers, DGS administrators believed none of the information was “compromised.”

“We engaged an information technology firm to review our systems and conduct a forensic analysis to help us determine whether any of our records have been improperly accessed or used by an unauthorized individual, and while there is no indication that data has been compromised, we nonetheless thought it prudent to advise you of this situation, as we are keenly aware of how important your personal information is to you,” read the letter from DGS executive director Jill Rogers.

Despite that, DGS extended an offer of “credit monitoring and reporting services” to their affected clients at no cost. The service, provided by IDExperts, watches for and reports any unusual credit activity, such as creation of any new accounts under a given name. Interested clients were encouraged to contact Christine Paoletti at 1-833-556-0123 by March 31.

They were also encouraged to carefully monitor their financial and credit account statements and credit reports for any unusual activity. Any unauthorized activity should be reported to applicable financial institution(s) and law enforcement. A complaint should also be filed with the Federal Trade Commission by calling 1-877-ID-THEFT (1-877-438-4338) or online at Free credit reports from the credit reporting agencies can be obtained by calling 1-877-322-8228 or by logging onto

Becoming common

Since 2016, the Federal Bureau of Investigation has been cautioning the public about the rise in ransomware incidents. The agency notes that hospitals, school districts, state and local governments, law enforcement agencies and small or large businesses are all common targets. Typically the entities impacted pick up “malware” on their servers that encrypt, or lock, valuable digital files and a ransom is demanded to release them.

Often, the inability to access the important data these kinds of organizations keep can be “catastrophic” in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files and the potential harm to an organization’s reputation, says the FBI.

Generally, the FBI recommends not paying ransoms. This is mostly because the act of paying doesn’t guarantee that the organization will safely get its data back and it may embolden ransomers and other cyber criminals to target more organizations. It also offers an incentive for other criminals to get involved in this type of illegal activity, says the agency.

What they do recommend is prevention efforts and “business continuity planning.”

To prevent attacks, the FBI suggests:

•Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.

•Patch operating system, software and firmware on digital devices (which may be made easier through a centralized patch management system).

•Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.

•Manage the use of privileged accounts — no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.

•Configure access controls, including file, directory and network share permissions appropriately. If users only need read specific information, they don’t need write-access to those files or directories.

•Disable macro scripts from office files transmitted over e-mail.

•Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).

And as for business continuity, it’s recommended to back up data regularly and verify the integrity of those backups regularly. It must also be ensured that the backed up data isn’t connected to the computers and networks they are backing up. If adhered to, an organization may be able to dispense with any compromised data during an attack and restore its own data.

Facebook Comment