By ALAN J. ORTBALS
On Saturday, Feb. 20, a local business owner, a John Doe who wishes to remain anonymous, went into his office to get some work done. He tried to access a file on his computer — nothing. He tried three or four different files. He couldn’t open any of them. He did a directory search and found the Le Chiffre virus was attached to every one of them. Le Chiffre, one of many computer viruses generically referred to as ransomware, is a virus that encrypts all the files on your computer. Others include Reveton, CryptoLocker, TorrentLocker, Cryptowall and KeRanger.
If you have been hit with a ransomware virus, when you try to access any of the files on your computer, you get a pop-up that tells you that your files have been encrypted. The pop-up also demands a ransom and sets a deadline for payment. If the ransom, which is generally demanded in Bitcoin, an untraceable digital currency system, is paid by the deadline, the hackers promise to send a code you can use to decrypt your files. If not, the ransom amount doubles, a new deadline is set and, if that is not paid in time, they threaten to delete all of your files. However, as with any other kidnapping for ransom, there is no guarantee that they will send the code and not delete your files.
Doe said he didn’t know how the virus got into his computer. It could have been via an email, through a download, or by what’s called a brute-force attack, in which the hackers used software to decipher his password. PC World magazine has reported that ransomware is typically distributed through spam messages that try to trick people into opening attachments such as fake invoices.
Doe called the Madison County Sheriff’s office and the FBI but there was nothing either could do. It’s not possible to even determine where in the world the hackers were. He called his insurance company but ransom is not covered. He called some friends who are computer experts. Their advice — pay the ransom. He did. It was $2,200. Luckily, Doe received the code and was able to decrypt his files but the hackers let him know that they would be back.
“The frustrating part is if somebody steals my computer or steals anything out of this office, I’m covered by insurance,” Doe said. “With this, the Sheriff’s Office was very sorry it happened to me. The FBI was very sorry it happened to me. But no one could do anything about it and my insurance wouldn’t cover it. I’ve been violated. I’ve been robbed but there’s not anything that can really be done about it.”
While Doe wished to remain anonymous, he also wanted to warn others that a ransomware attack could happen at any time. It’s virtually impossible to keep the hackers out if they want to get in, he said, so the best policy is to back up your files often to minimize losses, and to do it in such a way that the hackers can’t also access your backup. If they can, they encrypt that, too.
Lt. David Vucich of the Madison County Sheriff’s Office is the department’s computer forensics detective and a member of the FBI’s Cyber Crimes Task Force known as the Metro-East Computer Crimes Task Force. He said that ransomware is a growing problem but it’s not known how great it is because there’s no way of knowing how many victims choose not to report it to the authorities.
“I first became aware of this about five or six years ago,” Vucich said. “These hackers frequently target small businesses because obviously they have limited funding to safeguard their computers, frequently lack training in IT security, and are not up to date on new malware, how to recognize it and what to do about it.”
But small businesses are not the only ones at risk. A California hospital, Hollywood Presbyterian Medical Center, was attacked in February and had to pay the hackers $17,000 to release its files. Methodist Hospital in Henderson, Ky., was hit in March.
Vucich said that you can’t stop the hackers if they really want to get into your computer but there are things you can do to discourage them.
• Make sure that your current operating systems are up to date and secure;
• Only authorized personnel should have physical access to your computer;
• Make sure that good firewall procedures and IT policies are in place;
• Do not click on any suspicious e-mails or links;
• Have good virus and malware software installed on your computers; and
• Change your passwords and do not give them out to others.
“I would compare it to safeguarding your residence,” Vucich said. “Is there any residence that can’t be broken into? No. But, you can take certain steps to make the offender go on to a different house. There’s no system that’s going to be 100 percent secure but, if good policies are in place and good practices are adhered to, it will help combat the issue and help prevent it, which is what we’re here to do.”