The University of Tulsa has an award-winning Cybersecurity Department, and its experts tell us where there's a malware problem, there's a solution. However, learning how to prevent ransomware attacks is the ultimate goal.
Cyber security experts said recovering from ransomware could take anywhere from a few days to weeks or even months depending on how much data is breached.
The City of Tulsa is under a cyberattack.
Related Story: City of Tulsa Computer System Impacted By Cyberattack
"It's apparently the city of Tulsa's turn," Tyler Moore, Tandy Professor of Cyber Security at the University of Tulsa, said.
Moore said ransomware is malicious software that locks all the data on a computer, scrambling it up and making it inaccessible until the ransom is paid.
"Essentially, they've settled on a playbook that seems to work," Moore said.
Moore said ransomware has been around for more than a decade and these attacks tend to come from Eastern Europe and Russia.
"When Bitcoin came along, they found an easy way to actually monetize that and target, you know, random cities in America," Moore said.
Ransomware gangs scan thousands of computer networks at any given time, searching for vulnerabilities. The malware could spread by clicking on an email, but Moore said more often than not, attackers capitalize on a weakness.
"It's actually kind of scary, but the victims are selected by their willingness to pay," Moore said.
He said cities are targeted because many are insured. The list of attacks is growing from Baltimore to Atlanta, and even smaller towns like Okema a few months back. Victims have a decision to make: to pay or not to pay. Something that would've cost thousands four or five years ago, may cost hundreds of thousands today. Moore said most of the time it's paid, especially if the data is super sensitive.
"That just encourages the gangs to go target the next group," Moore said.
Moore said the problem is preventable.
"Invest in cyber hygiene, ensure that software's up to date, you have adequate backups, that your backups are kept offline," Moore said.
Moore said it's an encouraging sign the City of Tulsa took several computer systems offline, suggesting those systems have not been directly impacted by the ransomware.