The Digital World and Your Ministry

During a four-week period, bad actors were able to embezzle approximately $500,000 from the Seventh-day Adventist Church. The attackers preyed on a church employee’s compromised Gmail password and initiated instructions for money transfers. They sent emails to treasury personnel at the General Conference headquarters, impersonating the employee and confirming transfer of funds. In order to complete the fraudulent transfers, they marked all communications as “read” and “deleted” to bypass the employee’s inbox.[i]

Every day, cyberattacks routinely paralyze computers and systems. Our Seventh-day Adventist organizations are not immune from these dreaded infections. Conference offices, individual churches, or one-room schools in rural areas—all can be targets. Cyberattacks do not discriminate based on the size of an organization or the individuals that work within it.[ii]

It is important to distinguish between two kinds of cyberattacks: ransom attacks and phishing. Ransomware is malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Phishing, on the other hand, is a social engineering technique used by cybercriminals to manipulate human psychology. In these types of attacks, the hacker sends emails, text messages, or links, posing as a legitimate body. If they succeed, they can lead organizations to reveal sensitive information.

Phishing

With phishing, as in the opening story about embezzlement, much of the security depends on the precautions of individual employees.  By targeting people with phishing attacks, attackers can bypass traditional security technologies with ransomware. Email is a weak point in the security infrastructure of many organizations, including Adventist organizations. Hackers can exploit these systems by using phishing emails to trick users into opening malicious files and attachments. By using Trojan horse viruses, hackers also target human error by causing people to download malicious files inadvertently.

Ransom Attacks

Other attacks depend on insufficient antivirus and encryption measures. In 2020, one of our own Adventist organizations, a university, was affected by such an attack. The attack buried encryption malware in the Microsoft Windows infrastructure, infecting servers and any PC that was connected to those servers.[iii]

As organizations seek ways to outsmart attackers, cybercriminal gangs, like one called “Sabbath,” are modifying their techniques at increasing speeds.  In 2021, Sabbath publicly shamed a U.S. school on a dark website after the school refused to pay a demanded ransom. “Instead of encrypting data and hoping for a big pay day, Sabbath simply steals data and extorts—a technique that is quite aggressive, yet lucrative,” according to Avertium, a leading cybersecurity firm. “Sabbath has made it a point to target critical infrastructure with their attacks with no clear signs of slowing down.”[iv]  
 
In recent years, cybersecurity professionals have warned that ransomware attacks would continue to become more sophisticated and targeted. Their predictions were correct. Ransomware gang Sabbath is just one example.

What can you do to prevent or stop the spread of ransomware?

•  Make sure you have backups on premise and/or in the cloud with a good retention policy.

If you have a well-protected backup system in place, then you should be able to recover your operations with little to no data loss. This step is key to a successful recovery.

• Use a VPN.

By using a trusted virtual private network (VPN), you can create a secure connection into your network, protecting your organization from attack.

• Make sure that all systems and software are up to date with relevant patches.

For example, make sure all computers in the classrooms, church sanctuary, and church A/V booth are regularly updated with the latest Microsoft Windows patches.

• Use antivirus software, a firewall, and good security policies.

A reputable antivirus program should be installed on all church computers, office computers, classroom computers, etc. A robust firewall appliance should be installed at the very ingress/egress of your internet traffic flow. This can help to prevent cybercriminals from gaining access. Security policies should also be put in place, and login accounts should not be shared among teachers, students, pastors, or volunteer A/V staff.

• Create complex passwords and change them regularly.

Passwords such as “password” or someone’s name are not secure enough. Cybercriminals obtain in-depth and lengthy password lists that they apply when trying to gain access to a system. Therefore, it is crucial that all staff, pastors, office workers, teachers, students, etc., create complex passwords and change them on a regular basis.

• Do not pay the ransom.

Simply put, do not play into the cybercriminal’s hands. If your church, school, or ministry has been infected, consult with your conference to see if you have cyber insurance. If so, let them assess the situation. You may be able to remove your device(s) from the network and rely on your backups for recovery.
 
One of the major issues with security threats is a lack of awareness among users. Many people are unaware of what threats look like or what they should avoid downloading or opening on the internet or in emails. This lack of security awareness helps ransomware spread much more easily and quickly. By implementing the above steps, you can help to protect your Seventh-day Adventist organization as it pursues its mission.

References

[i] Lechleitner/Ann, E. (2014b, April 8). New details released in cyber attack that defrauded Adventist Church of half a million U.S. dollars. Adventist News Network. https://adventist.news/news/new-details-released-in-cyber-attack-that-defrauded-adventist-church-of-half-a-million-us-dollars