October 2, 2024
Ransomware Attack Hits New Mexico Commission
The New Mexico PRC’s website and electronic filing system have been offline since a ransomware attack on Jan. 9, and it may be a week before it is restored.

By Rich Heidorn Jr.

The New Mexico Public Regulation Commission’s website and electronic filing system have been offline since a ransomware attack last Thursday, and it is likely to be another week before the sites are restored, state officials said.

Officials initially said the Jan. 9 attack originated from a foreign country but later said that had not been confirmed.

The officials said hackers breached a firewall on outdated state servers, giving them access to the PRC’s system. The internet and intranet were taken offline to prevent further damage.

The state Department of Information Technology “was immediately notified of the intrusion by the PRC and immediately began to quarantine it, address it and investigate it, per protocol,” department spokeswoman Renee Narvaiz told ERO Insider on Thursday. “There is not yet any confirmation about the source of the intrusion; it remains under investigation.”

The department is investigating the incident along with the FBI and security consultant RiskSense.

Because of the loss of electronic filing, the commission is only accepting documents via mail or hand delivery.

RiskSense CEO Srinivas Mukkamala told ERO Insider he could not comment on early reports that the attack originated outside the U.S. But he said it appeared to be an opportunistic attack by hackers who sought to profit from the PRC’s failure to practice good “cyber hygiene.”

“It’s unpatched systems on your network that would facilitate an attacker to take advantage,” said Mukkamala, whose company published a report analyzing enterprise ransomware and vulnerabilities in September. “I don’t see a political motive here.”

Mukkamala said ransomware attackers are like pickpockets scanning passengers on a subway car for those who are inattentive. “Pay attention to your wallet. If not, somebody is going to pick your wallet off,” he said. “It comes down to two things: Pay attention to the software you’re using to run your organization. Pay attention to the data you’re collecting and storing.”

Mukkamala said it was difficult to predict how soon the PRC’s systems will be returned to service.

“In scenarios like this, it can be today; it can be tomorrow; it could be a week from now. So, we cannot give a definite answer. The reason is we have to look at exposure. While there is one system identified as being infected, we have to look at what else is in the network that [is] susceptible to [a similar attack]. … So, the recovery process has to be looked at as a holistic view.”

Mukkamala told SC Media last month that ransomware “will continue to be the growth driver” in cybercrime because “it’s the shortest distance between investment and revenue for its perpetrators. Unlike identity theft, cryptocurrency theft or bank fraud, ransomware is a fast, cheap and effective method of extracting fees from victims.”

He said the growth rate of new ransomware families fell by half last year. “The reason for this is that the families that did appear were more sophisticated, harder to prevent and contained better distribution mechanisms.”

The New Mexico attorney general’s office has asked the legislature for about $500,000 to create a new cybercrime and counterterrorism unit. Attorney General Hector Balderas said in November that the state’s domestic terrorism and cybercrime laws should be revised to give officials more tools to deal with mass shooters and hackers.

Balderas also said he wants a “special unit” to aid New Mexico’s law enforcement in investigations like this.
