Ransomware is like the elementary school bully who steals your lunch and won’t give it back until you give him a quarter. Except in this case, it is all or most of the files on your computer’s hard drive, and the cost to restore your data is hundreds of dollars.
The first known ransomware attack was back in 1989. Widespread ransomware attacks started in Russia in 2005. By 2012 the attacks had spread outside of Russia, especially to Europe and North America. They work by either encrypting your files or locking access to your system via a variety means, from constantly putting pornographic pictures over everything on your screen to running a fake version of Windows that won’t do anything until you pay.
There are ransomware attacks for Windows, Mac OS, iOS, and Android systems.
Payment is almost always through some form of electronic currency like Bitcoin. These virtual monetary systems are anonymous and it is very difficult for authorities to track the destination of the payments. However, some ransom notes have you call a “toll-free” number to get a key to release your files or system, except the phone number is routed through a country with very high long-distance rates, and the operator “needs” to put you on hold for several minutes before giving you the code. You could end up with a several hundred dollar item on your next phone bill.
Sometimes the pop-up on your screen looks like it came from a law enforcement agency like the FBI in the US, Scotland Yard in the UK, or your local police agency. The notification page claims the agency locked your computer because they detected illegal files on your computer: usually porn or terrorism-related material. Once you get over the official looking notification with all the correct logos and badges and can read it calmly, it looks like a scam. Often the wording is awkward, and, really, is the FBI going to ignore your alleged terrorism-related activities if you Bitcoin them a few hundred dollars?
By the end of 2013, Security expert Symantec reported 600,000 ransomware attacks a month, and expects these attacks to increase substantially in 2016 across all platforms.
If you get a ransomware notification on your business or personal computer, tablet or smart phone, do not pay the ransom. They may give you the key, or they may not. These are cybercriminals, not necessarily known for their ethics. Once the malware is loaded, they can bully you again as often as they want until you clean it off of your system. Have a five-minute rant, calm down, reload a fresh copy of the OS and then restore your files from your latest backup.
The solution, of course, is not to be attacked by ransomware. While you can never be completely protected, here are four things that you should already be doing.
- Practice safe clicking. Always check the link in an email or on a website that you are not positive is friendly. Check out my last post for how to do that. Most ransomware comes in through a standard malware attack.
- Keep your software up-to-date. Cybercriminals and cyberterrorists are always looking for new vulnerabilities, and they are very good at it. Once they find one, they pass the information on to other cyber attackers. Fortunately, the good guys are also looking for vulnerabilities and making updates to their software to close vulnerabilities as they find them. But if you do not have the latest software, you still have those vulnerabilites.
- Use a good security software package that is more than just anti-virus.
- Often. No, even more often than that. Periodically, ask yourself when you or your automated backup mechanism made your last backup. Then ask how much grief it would be to redo everything you had done since then. Macintosh Time Machine and Windows 10 File History backup changed files every hour, but only if you have an external hard drive and the option turned on.
In one recent example, Hollywood Presbyterian Medical Center paid cyber-terrorists 40 bitcoins (about $17,000) to get the key to release the hospital’s data. I call this a cyber-terrorist attack because it put every patient in the hospital at risk of death or serious injury when doctors and nurses can no longer access the patients records or get access to diagnostic information from monitoring or diagnostic equipment. Hollywood Presbyterian Medical Center is a private hospital in Los Angeles with 434 beds. The hospital CEO, Allen Stefanek, said the paying the terrorists was the “quickest and most efficient way” to regain control of their data systems. The malware attack was first noticed on February 5, and was fully functioning until 10 days later. Clearly, this hospital IT department was not prepared for any kind of a disaster. I expect they will be attacked again, probably by the same terrorists.
The FBI is investigating, but I would not expect them to catch anybody.
The last word:
Packages like Time Machine and File History are great for automatically backing up in the background while you are working, and in general meaning you never have more than one hour’s worth of work to recover. They also make recovery easy, and can give you the file as it was yesterday or last week in case you really messed it up and do throw away the last change effort.
However, they are not very effective in two cases:
- If you have a building failure, they are likely to also get destroyed. A building failure is a case where you cannot get back into the building, perhaps because of a fire, earthquake, biological contamination, police or military action, or terrorist act.
- Some ransomware not only makes the files on your computer’s hard drive inaccessible, but will also destroy or encrypt the files on any attached hard drives, like your Time Machine or File History drive.
If you are paranoid, like me, you should also have an offsite backup. It is now fairly easy and inexpensive to do this with packages like Microsoft OneDrive, Apple iCloud, Carbonite, and a host of others.
Keep your sense of humor.