Taken Hostage: Digital ‘Kidnappers’ Holding Computer Data for Ransom

By Charles Kelly, President, Computer Exchange

Believe it or not, there has actually been a protection racket affecting some businesses and individuals in our area. Dozens of people and at least four businesses that I know of have been directly threatened with destruction of valuable property if they didn’t pay up.

I’m not making this up or exaggerating at all. Here is how it works: An employee or owner – or anyone using a computer – gets an official-looking email from a prominent financial institution that requires action. That action, which might be as simple as one click, triggers installation of the worst virus you could ever get. This software infiltrates your computer, your network, your flash drives and your external backup drives, establishing a beachhead in each device, identifying and tagging all of your data and, in the final checkmate, encrypting this data and then demanding a ransom. Pay the ransom and they will give you the decryption key; they even offer proof of life for your data by letting you choose a couple of hostage files and letting them live with a limited decryption key.

We have been seeing this since early 2014 and at first we could recover the data, but beginning in 2015 the ransomware variants like Cryptowall and Cryptoblocker have become unbreakable without paying the ransom. In several recent cases, it was caught early by sheer luck and total encryption of data was avoided, but in other cases, mostly involving home users, the data was encrypted and everything was lost. I would point out that no customer of ours that is on our highest level of service, meaning monthly managed services, has had this problem.

Since Computer Exchange does not require service contracts and we have four retail locations, which take in nearly 800 computers a month for service, we see the effects of a cavalier attitude to IT security almost every day. We preach backups as I did in my last article and we always recommend regular management of data and a disaster recovery plan. But many customers ignore these suggestions and warnings as they have not suffered any ill effects to date. I hope that these attitudes change before you lose valuable personal data, business records or even the ability to do business.

In Los Angeles, the Hollywood Presbyterian Medical Center was essentially shut down and doing business with paper and pen last month until it agreed to pay a ransom of $17,000 in Bitcoins. (That’s roughly 40 bitcoins at current valuations.) After paying the ransom, they were able to resume normal operations.

It is my guess that an employee clicked on a personal email that looked official, the hospital did not have an aggressive or properly funded IT department and had no real backup protocol. In the end, it was easier and cheaper to pay the $17,000.

You could call the law, but several law enforcement offices across the country have paid similar ransoms, and those average payments are probably more in the $500 range. In many cases the FBI cybercrime investigators suggest paying the ransom. Most victims, though, simply never report the crime and it is estimated that up to 44 percent of those victims pay the ransom.

Do I have your attention yet? Are you ready to protect yourself and your company from this modern-day “protection racket?”

A successful attack like this has the same effect on your data as a fire, flood, tornado or theft that destroys it, only now the odds of a catastrophic data loss are much higher.

You must have a scheduled, industry standard, segregated backup of your data in place and you must have a disaster recovery plan in place. That has always been the recommendation, but now the odds that you will need to use such a plan have gone up.

You should certainly have firewalls, antivirus, managed email and all of the layered security that will prevent that catastrophic software from entering your network, but that only gives you better odds. Although there are some expensive products that are close to 100 percent effective, it could still happen, so you have to have good security up front and a disaster recovery plan for the worst case scenario.

You could still have a fire or a tornado destroy your network or a thief could break in and steal your server and the physical backups, but a much more likely scenario is that someone clicks on something they shouldn’t and you end up with the digital equivalent of a Tony Soprano living in your network, demanding payment, and he is not joking – pay up or you won’t see your data again.

If you don’t have proper backups and security in place, do something about it and do it quickly. This problem is only going to get worse. Call your IT company, call us, call me, but call someone before you find yourself contemplating converting dollars to Bitcoins.

Charles Kelly is President of Computer Exchange, with four locations in the CSRA: South Augusta, North Augusta, Martinez and Grovetown. Computer Exchange specializes in computer solutions for home and business. For answers to your computer questions, email him at charles@computerexchange.com.