The Daily Courier
Trusted local news leader for Prescott area communities since 1882
1:53 PM Tue, Sept. 25th

Can your computer be held hostage?

Hackers lock up your data, demand ransom (money) to free it

Matt Van Doren/Courier illustration

If your computer hasn’t been hit by a ransomware attack, count yourself lucky.

The global damage done by ransomware is likely to top $5 billion in 2017, according to research firm Cybersecurity Ventures. That’s a massive jump from 2015, when it was $325 million, and the figure represents not just the amount of the ransoms paid, but also the costs of downtime and lost productivity.

Ransomware is any kind of program that infects a computer and keeps the user from accessing certain files until the user pays a ransom.

There are two versions of ransomware that can attack your computer.

“Lock-screen” ransomware displays a window on the computer’s lock screen that prevents access to the computer.

“Encryption” ransomware allows the user to have access to the computer, but encrypts files, making them unreadable. Usually, these are files with sensitive information and are assumed by the hacker to be the most valuable. When the user tries to access the files, a pop-up window informs them that they will be made available again only after a ransom is paid.

The hacker usually demands the funds be paid in bitcoin, because it’s a digital currency that is nearly impossible to track.

All of that is bad enough, but, if you do decide to give the hacker what they demand and pay up, you may find that the hacker is unwilling or unable to unlock your files.

“An example of that is the recent big attack with what was known as ‘WannaCry,’” said Dr. Jon Haass, department chairman of Cyber Security and Intelligence at Embry-Riddle Aeronautical University. “This was a piece of malware that did not even allow the decryptors to know which of the machines had been encrypted,” so even if someone paid the ransom, they didn’t get their files unlocked, because the hackers didn’t know which computers they had attacked.

The most common way ransomware is spread is by emails with malicious attachments, Haass said.

Aside from making an effort to avoid opening sources that can expose your computer, the only solution is to have a backup hard drive and back up your files to it daily.

“It has to be off-line,” Haass said. “In other words, you can’t just have a USB that’s connected to your computer and call it your ‘E’ drive. It has to be separate and you don’t keep it plugged in all the time,” or it can be attacked as well.

WHAT DO YOU DO?

Although it is strictly true that no encryption is unbreakable, the fact is that the latest versions can take so long to crack that it becomes impractical, and, of course, standard antivirus or anti-malware software has no effect on it.

But a technician at SofTech Computers in Prescott said his shop gets calls every day from people with computers infected with ransomware, and he has “about a 95 percent success rate” at recovering the files, and it can cost between $50 and $175 to have the work done.

Kyle Bridgeman, owner of Tuff Techies, said his shop can also unlock many computers affected by ransomware.

“It depends,” he said, noting that one fairly common malware, SBI, was “easily defeated, but the newer ones that are going around are tougher to repair.”

Haass said the medical and legal fields are currently the most at-risk because they both rely heavily on data.

“If an employee happens to be connected to a hospital-wide service” when they open the wrong email attachment, “then it could damage the entire network,” he said.

“People need to be aware of the way ransomware arrives,” Haass said. “We need to keep people aware of the (hackers’) changing methods.”