What’s This Ransomware I Keep Hearing About?

Ransomware is an ever-evolving type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files until a ransom is paid. The malware is primarily inserted through fraudulent links/websites distributed through emails, pop-ups and/or message boards. Once embedded in your system, the malware begins a rapid encryption of both system and personal files. You’ll then see something similar to the above photo, and then a message with instructions to pay a “ransom” for a decryption key. (Security experts state that most ransomware attacks originate in Russia and Eastern Europe.)

If you follow the news, you’ve probably heard of some high-profile ransomware attacks. Over the past several years, these attacks have targeted government and city offices, hospitals, schools, police departments, and professional services such as attorneys and accountants. Needless to say, all of those situations provide immense access to critical, personal data.

But Don’t These People Run Anti-Virus Software?

Of course they do. But please note the “ever-evolving” aspect of the ransomware. Anti-virus software is traditionally reactive. It struggles to guess what the next evolved attack will look like, so it reacts to these attacks after they’re discovered. This means that if you’re one of the entities already attacked, you’re essentially a test case and out of luck. Hopefully you have an off-site data backup in place.

So What Happens If I Get Hit With A Ransomware Attack?

If your system/files have been totally encrypted, you essentially have two choices: wipe the system, scan for malware, and re-install your backup, or, take your chances and pay the ransom. (It should be noted that after several back-and-forths, the FBI suggests never paying the ransom.) That being said, to date, no one, including the best cyber crime minds in the world, has ever defeated a full ransomware encryption.

Recent, high-profile victims of large-scale ransom attacks include:

  • City of Atlanta
  • FedEx
  • Nissan
  • Colorado Dept. of Transportation
  • Port of San Diego
  • Epiq Global (legal services company)
  • Merck Pharmaceuticals
  • City of Riviera Beach, FL
  • Multiple police and sheriff departments (5 in Maine, Collinsville, AL)
  • Huntsville, AL School District (note that the FBI Cyber-Crime Unit is stationed in Huntsville, AL)

So What Kind of Ransoms Are We Talking About?

They vary. Current demands range from $200 (individuals like you and me) to millions of dollars for corporate, governmental, and professional groups. These ransoms are often demanded in the form of cryptocurrencies, money orders, or gift cards, with instructions on transactions included.

So I’ll Follow The FBI Advice And Not Pay, Now What?

As previously stated, you’ll need to wipe your system, scan for malware, and reinstall your backup data. Easier said than done. Let’s suppose you’re a city government hit with a ransomware attack. You’d have multiple off-site systems and millions of data files. School districts? Hospitals? Court systems? Even with off-site data backups, which incidentally many recent large scale ransomware attack victims did not have, the costs are astronomical.

Sophos, an international security software and hardware company, estimates the average U.S. cost to rectify a ransomware attack at $852,866.00. (They also claim to have the ability to prevent such attacks. See above re: anti-virus software.)

These costs include entities that paid the ransom, and those who spent a considerable amount of time and resources to re-do their systems.

Most corporations and governmental agencies have insurance for these attacks. However, if your local municipality or school district gets hit with an attack, keep in mind that your taxes go towards those ever-increasing insurance costs.

As Joe Average Citizen, Why Not Just Pay?

Can you really trust a criminal? Who’s to say that the decryption key will work? Or if it does unlock your files, can you be certain that you won’t be targeted as an easy mark for future attacks? Keep in mind that these criminals basically have no interest in your pictures of pets and grandchildren. They’re after your money and rely on your value of those pictures. Bottom line: back up your personal data (documents, photos, music, downloads) on an external source!

Thanks A Lot, Now I’m Afraid To Use My Computer!

You’ve probably heard my previous rants about clicking on random links and falling for fake pop-up messages in your browser.

Here’s a quick tutorial on website links:

Most suspect weblinks will have a bogus domain name, or a path that appears as gibberish (hj4;j4`;j4r9rjjlkl). If you don’t recognize either as a site you wish to visit, DON’T CLICK IT.
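The two checks described above (an unrecognized domain, a gibberish path) can be written down as a small script. This is an added example, not part of the original post; the `RECOGNIZED` list, the function names, and the gibberish thresholds are assumptions chosen for illustration.

```python
import string
from urllib.parse import urlsplit, unquote

# Constructed list: the sites this particular user recognizes and means to visit.
RECOGNIZED = {"microsoft.com", "apple.com", "google.com", "amazon.com"}
# Characters that ordinary, human-readable path segments are built from.
SAFE = set(string.ascii_letters + string.digits + "-._~")

def host_is_recognized(host, recognized=RECOGNIZED):
    """True if host is a recognized domain or a subdomain of one.
    Matching on a dot boundary rejects hosts that merely contain a known name."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in recognized)

def segment_is_gibberish(seg):
    """Heuristic (assumed thresholds): a segment of 8+ characters that has
    unusual punctuation, or whose letters are under 20% vowels."""
    if len(seg) < 8:
        return False
    if any(c not in SAFE for c in seg):
        return True
    letters = [c for c in seg.lower() if c.isalpha()]
    vowels = sum(c in "aeiou" for c in letters)
    return bool(letters) and vowels / len(letters) < 0.2

def check_link(url, recognized=RECOGNIZED):
    """Return the reasons a link looks suspect; an empty list means none found."""
    parts = urlsplit(url)
    host = parts.hostname  # real host: drops any "name@" prefix and the port
    reasons = []
    if not host_is_recognized(host, recognized):
        reasons.append(f"unrecognized domain: {host}")
    for seg in unquote(parts.path).split("/"):
        if segment_is_gibberish(seg):
            reasons.append(f"gibberish path segment: {seg}")
    return reasons

if __name__ == "__main__":
    # Constructed sample links; the gibberish path is the one quoted above.
    for link in ("https://www.microsoft.com/en-us/windows",
                 "https://microsoft.com.support-desk.example/login",
                 "https://google.com/hj4;j4`;j4r9rjjlkl"):
        print(link, "->", check_link(link) or "no warning signs")
```

A familiar company name at the start of a link does not make the domain genuine; what counts is the name the address ends with, which is why the second sample link is flagged.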

And once again, Microsoft, Apple, Google, Amazon, etc., will never send you a pop-up message asking you to call them!

If you have questions, concerns, need assistance with malware, or help with backing up data, you can call me at 843.314.0596 or email me at jlawcompsvcs@gmail.com.
