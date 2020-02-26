The Maryville Housing Authority is undergoing a series of planned fiscal changes at the start of of the year including an audit and a conversion to a new operational model.
But a change it didn’t expect came early February when the authority’s chief financial officer Bonita Schatz’s computer was hacked and her files held for ransom.
The amount? $5,000.
The attack hit two computers and hackers requested $2,500 for each one and MHA only has a $10,000 deductible on their insurance.
But the authority decided not to pay and is instead doing its best to rebuild a body of financial data going forward.
Payment could have been managed through bitcoin, an online currency system popular with these kinds of hacks. MHA Executive Director Nancy Burnette said hackers wanted them to create a new bitcoin account in order to make a payment.
Hackers gave Schatz six days to respond but Burnette said after considering their options — though MHA employees originally felt they had no other choice than to pay the ransom — they reversed course.
“This just aggravates me because this is so illegal and so wrong and they’re allowed to do this,” Schatz said during a Feb. 19 board meeting. She said the attack not only put her work in jeopardy, it also stressed her out.
Burnette and MHA Leasing Supervisor Julie Chaney explained the hackers had a very organized and — ironically — somewhat helpful system that included a letter and instructions about how to create a bitcoin wallet.
They even went so far as to recommend companies where a kind of bitcoin bank account called a “wallet” could be opened.
That would have required Schatz to give several points of personal information including a driver’s license, her social security number and even a picture of herself.
Even though the hack may not end up costing the authority money, it has cost them both time and worry in a season when financial records are especially vital.
Unfortunately, Maryville is not alone.
Sevierville had it even worse
Burnette said Scott Accounting & Computer Service, Inc., a third-party software company MHA uses, told her other authorities have been attacked as well.
Many housing authorities throughout Tennessee use SACS and at least one has suffered a hack within the past year.
The Daily Times surveyed nearly 15 housing authorities throughout Tennessee and found that at least two — the Johnson City Housing Authority and the Seveirville Housing Authority — had been recently hacked.
Management Information Systems Coordinator at Johnson City Housing Jerry Rosenbaum said they suffered an attack two years ago from ransomware called WannaCry.
“I’ll never forget the name,” Rosenbaum said. “I wanted to cry.”
He only paid $250 for some repairs and only lost an hour’s worth of data, but knows predatory companies still exist and have some standard ways of infecting computers.
“Watch out for zipped files coming through the email,” he advised. “In today’s time you don’t need to zip stuff up. You click on it and boom, it releases.”
Ginger Bohanan at the Sevierville Housing Authority had it far worse and said she’s still recovering from a ransomware attack in July and August of 2019.
“They were asking for ... closer to $10,000,” she said. “It was like, ‘No. We’re not paying for that.’”
She said when it started, the virus attacked the authority’s server. The SHA was also using SACS and experts from the company said the would be a loss of around five days of work.
“(SACS employees) said ‘We could pay this money and (the hackers) could turn around and say you’re going to owe more money,’” Bohanan said. But they didn’t want to go that route.
Then it got worse.
A week later, the same entity sent out another virus to every single computer at the SHA.
“We lost everything,” Bohanan said. “All of our word documents, all of our excel documents, all of our outlook ... it encrypted all of it and we could not retrieve any of it. I mean I’ve been employed here 29 years. I lost everything that I had on my computer.”
Thankfully SACS software had been backing up every day, but everything else was history. Employees have had to type up and scan in things and Bohanan indicated daily operations are still a struggle.
The total loss was $15,000 and only around $1,200 was recouped after insurance kicked in.
“It’s been a nightmare,” Bohanan said. They lost all their old email addresses and are having to balance several accounts just to make sure they’re receiving important correspondence.
Paying the ransom is up to you
Meanwhile, work to update their software and tighten their security will cost the MHA, but Burnette said she hopes insurance will help.
“All the costs, these upgrades we’re doing, I’m assuming we’ll be able to apply to this insurance policy,” she said.
She also reported the incident to the FBI whose Knoxville office did not return several calls for comment about local cyber crimes.
Ransomware hacks are not uncommon and the FBI has a site where such crimes can be reported. On that site, information on how to handle an attack says paying the ransom is not a good idea.
“Paying a ransom does not guarantee an organization will regain access to their data,” the FBI’s official cyber division states. However, it added “there is an understanding that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders,employees and customers.”
The MHA’s audit is on March 3.
