ATLANTA — A massive, worldwide ransomware attack that was discovered in May, and first reported by 11Alive in June, is now “worse than ever,” and “off the charts,” according to a cyber-security investigator based in metro Atlanta.
And among its victims are retired Georgia teachers. They’ve had their personal ID and pension information stolen.
And the investigator, Patrick Kelley of Leargas Cyber-Security, believes this ongoing attack is only going to get worse.
“This is the largest ransomware attack I’ve seen,” Kelley said Wednesday. “I don’t know how long it's going to take to truly understand the impact.”
The secretive Russian hackers who are believed to be behind the virus call it “Clop,” and the hackers have infected more than 600 targets at least, mostly in the U.S., including governments and corporations, Georgia’s universities and colleges, and retirement systems such as the Teachers Retirement System of Georgia.
The hackers breached the Teachers Retirement System of Georgia by hacking its contractor, named PBI, which handles the retirees’ personal data.
The PBI website says, “PBI is working diligently with our clients to notify and support impacted individuals.”
“They actually found out that they were breached in June,” Kelley said, “and did not start doing notifications until July, which unfortunately is pretty typical.”
And Kelley said that, just in the past week, the hackers have started providing to the public, at faster-than-ever download speeds, all of the stolen private information.
“So if someone that wanted to go download all of the data around the teachers pensions and the retired teachers data, they can do it 50 times quicker than they were able to do that last week,” Kelley said. “So anyone that is curious or wants to use the data for extortion, really any average user that wants to pull all of that data down, now has the ability to do that.”
The Teachers Retirement System’s website says “PBI is offering all impacted members complimentary credit monitoring and identity restoration services.”
According to Kelley, as a result of the overall scheme against so many targets, “Clop is expected to earn $75 million to $100 million in extortion payments, not because many victims are paying, but because the threat actors have successfully convinced a small number of companies to pay very large ransom demands.”
Kelley said everyone should assume their personal info is out there in the public domain now.
So he said people should access the credit reporting sites online and freeze their credit, so hackers can’t use someone’s stolen ID to open new lines of credit and ruin them financially.
And he said everyone should set up two-step verification at every online site they use that requires personal log-in info.
“We’re going to see a lot more of this,” Kelley said. “We’ve got some tough days ahead.”