A ransomware attack on Logical Net in Schenectady on Christmas Eve led to dozens of local businesses being attacked.
The widespread attack led to Albany International Airport paying a ransom to gain access to its computers after being locked out for five days, according to the Associated Press. The airport was attacked through its contract with Logical Net, which had a remote access “back door” to the airport’s computers.
Smaller information technology companies, including PS Technical Services in Glens Falls, had service agreements with Logical Net and similar back door connections. It’s a common way of handling IT, according to the FBI.
But when Logical Net fell, all of its subcontractors fell too. And, thus, not only did Logical Net’s clients get hit, but all the clients of the subcontractors as well.
The FBI is now trying to determine how many IT companies were involved and does not yet have a total number of clients that were attacked, said spokeswoman Sarah Ruane. She added that the FBI cannot give out more details because it would give away the scope of the investigation into the attack.
Albany International Airport was a direct client of Logical Net and terminated its contract with the company after the attack. The airport paid the ransom to get access to its computers after five days of struggling with the ransomware, airport officials said. The control tower and airline operations were not affected, according to airport officials.
Logical Net did not return two calls seeking comment this week.
Locally, the attack spread through Logical Net to PS Technical Services and then hit the town of Moreau, along with “dozens” of other PS Technical Services clients.
Moreau had backed up all its data and was able to restore everything after wiping the ransomware, but it took two days.
For PS Technical Services, it was an expensive ordeal. The company has just two employees.
“They’re just two guys and they had dozens of clients compromised,” said Moreau town Supervisor Todd Kusnierz.
To get Moreau back online, the company contracted out to StoredTech, based in Queensbury.
“So they were working together — and they are competitors. It must have been awkward for them,” Kusnierz said.
They got the work done. But there may be a financial hit yet to come.
The town is now putting out a request-for-proposals for IT services.
Kusnierz said he wasn’t seeking a new company because of the attack.
But he did acknowledge that the town got hit through the company that it trusted to protect it.
“It was who he contracted with. That company got hit. They came in that way, through them,” Kusnierz said.
He wants to consider all the IT options out there to ensure the town is as safe as possible from future attacks.
“It is a challenge. It’s scary,” he said.
Indeed, former Town Board member Alan Van Tassel predicted the possibility of an attack during a budget workshop on Oct. 17, just two months before the attack occurred.
Van Tassel, who works for StoredTech, said he wasn’t satisfied with the town’s cybersecurity.
“It’s not if we get compromised, it’s when,” he said, according to the minutes of the meeting.
The FBI is advising every company and municipality to have a regular backup plan that creates physical backups in a place not connected to the rest of the computer system.
“I think a lot of people think if they have it in the cloud, they’re good,” Ruane said. “That’s also potentially vulnerable. You need backups that are physically stored offline in a separate location.”
The plan should include a way to restore directly from the backups, she said.
And the first call after an attack should be to the local FBI office, she added. The FBI will help resolve the situation and will look for evidence to track the crime.
“You have to contact us,” she said. “It’s just encouraged that we know right from the get-go.”
As for the latest incident, in which an attack from Logical Net spread to other IT companies and to all of their clients, she said there’s not much that can be done to prevent it.
“Be aware of your supply chain. Know who your vendor is, what services they use and who they use to provide those,” she said.
But for most people who won’t know how to evaluate the security of those vendors, the FBI advises hiring a contractor to vet all IT bidders. That contractor should determine what the company’s needs are, and then analyze the bidders and offer a recommendation on who to choose, she said.
Kusnierz is organizing a meeting for municipalities and companies at which an FBI representative will offer specific advice on how to avoid cyberattacks. No date has been set yet.