Tech Security Expert: MA Inspection Shutdown Cause “Probably Some Form Of Ransomware”
Chris Gonsalves is an IT security expert with Channelnomics. Before that, he was with the Institute for Applied Network Security. Gonsalves spoke with GBH All Things Considered host Arun Rath.
After more than two weeks, the Massachusetts vehicle inspection system is still offline. People whose cars were due to be inspected in March are driving on expired stickers — the state’s RMV is now giving them until the end of May to get their vehicles checked. It’s all thanks to an attack on the software that the inspection system runs on. This transcript has been edited for clarity.
Arun Rath: State inspections are performed at gas stations, garages, places like that all across Massachusetts. They run on software that’s put out by a company called Applus Technologies. Do we know how the software was compromised?
Chris Gonsalves: Well, we can guess. We know that the system was compromised around March 30, and they notified the inspection stations that they should immediately take their stuff offline, unplug it, power it down, move it away from anything flammable. We don’t know exactly what the problem was except that Applus has said that it was malware. Now we can guess that it was probably some form of ransomware. What ransomware does, for folks who may not be familiar with it, is it infects a network, it infects the endpoint devices on that network, and it takes the files and it encrypts them. It scrambles them so that they look like gibberish. The only way to recover them at that point is to use a decryption key, which can only be provided to you by the criminals who broke into your system. They will happily provide that key for one or a few Bitcoin, some sort of untraceable cryptocurrency, and then hopefully you can get your systems back online.
The other way to recover from a ransomware attack, if that’s all this is, would be for you to employ your system backups. Most organizations are at least supposed to be backing up their data regularly so that when you have an event like this, you just shut everything off, wipe it clean, and put the recovered data back into the system. You may have lost 24 hours’ worth of work, but everything works just fine. We know at this point that that isn’t happening at Applus. We are several weeks into this, and they still don’t really know when the system is going to be recovered. So that tells me a couple of things. One, they didn’t really have robust backups to use. And number two, they may have paid the ransom to start to get their systems back online, which would explain why they’re not being completely forthcoming about what happened. Because boy, the FBI hates it when victims pay the ransom. But in fairness to the victims, there’s often not a better way to do it.
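Gonsalves’ point that the difference between a one-day outage and a multi-week one is whether backups exist and actually restore is something an organization can test before an incident. The script below is an added illustration of such a restore drill; it is not code from the interview, from Applus, or from the RMV. It writes a few constructed sample files (the VINs, results and the “hypothetical-001” station name are made up), copies them to a backup location, records a SHA-256 manifest, restores into a fresh directory, and then checks two things: that every file came back byte-for-byte, and that the recovery point is no older than the 24-hour loss window mentioned above. The `tamper` flag simulates a restore in which one file came back altered, the kind of silent backup corruption that only a drill reveals.

```python
"""Backup restore drill: prove a backup set restores intact and is recent enough.

Added example; not from the interview or any named organization.
"""
import hashlib
import os
import shutil
import tempfile
import time
from pathlib import Path

# Constructed sample "production" files; not real inspection-system data.
SAMPLE_FILES = {
    "inspections/2021-03-29.csv": "vin,result\n1HGCM82633A123456,PASS\n",
    "inspections/2021-03-30.csv": "vin,result\n2T1BURHE5JC123456,FAIL\n",
    "config/stations.json": '{"station": "hypothetical-001"}\n',
}

# Maximum acceptable age of the newest restorable backup (the 24-hour window).
MAX_RECOVERY_POINT_AGE = 24 * 60 * 60


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file under root (relative, '/'-separated) to its SHA-256."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_restore(manifest: dict, restored_root: Path) -> dict:
    """Compare a restored tree against the manifest taken at backup time."""
    missing, mismatched = [], []
    for rel, digest in manifest.items():
        p = restored_root / rel
        if not p.is_file():
            missing.append(rel)
        elif sha256_file(p) != digest:
            mismatched.append(rel)
    return {"ok": not missing and not mismatched,
            "missing": missing, "mismatched": mismatched}


def recovery_point_ok(manifest_time: float, now: float,
                      max_age: int = MAX_RECOVERY_POINT_AGE) -> bool:
    """True when the backup is no older than the accepted loss window."""
    return 0 <= now - manifest_time <= max_age


def write_samples(root: Path) -> None:
    for rel, text in SAMPLE_FILES.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(text)


def run_drill(tamper: bool = False) -> dict:
    """Back up, restore into a fresh directory, and verify the result.

    tamper=True simulates a restore in which one file came back altered,
    e.g. corrupt backup media; the drill must report that as a failure.
    """
    with tempfile.TemporaryDirectory() as tmp:
        prod, backup, restored = (Path(tmp) / n for n in ("prod", "backup", "restored"))
        write_samples(prod)
        shutil.copytree(prod, backup)          # take the backup
        manifest = build_manifest(backup)      # record what was backed up
        manifest_time = time.time()
        shutil.copytree(backup, restored)      # restore somewhere fresh
        if tamper:
            (restored / "config/stations.json").write_text("{}")
        result = verify_restore(manifest, restored)
        result["recovery_point_ok"] = recovery_point_ok(manifest_time, time.time())
        result["files_checked"] = len(manifest)
        return result


if __name__ == "__main__":
    print("clean drill:   ", run_drill())
    print("tampered drill:", run_drill(tamper=True))
```

In a real environment the manifest would be written at backup time and stored separately from the backup itself, and the restore target would be an isolated host, so that a drill failing on either check (missing or mismatched files, or a recovery point older than the accepted window) is found during a scheduled test rather than during an outage.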
By Arun Rath and Matt Baskin
Read the entire article or listen to the podcast, Tech Security Expert: MA Inspection Shutdown Cause “Probably Some Form Of Ransomware”, at wgbh.org.