'Your Money or Your Files' as Threat of Online Stickups Grows
You’re an entrepreneur, managing the business from your PC.
You’re a doting mother, with hundreds of photos of your children on your
laptop. Now, if someone seized all those files, how much would you pay
to get them back?
There’s nothing theoretical about the scenario.
Hundreds of thousands of people have had to wrestle with that question
as so-called ransomware infections have surged, encrypting billions of
documents. Hackers demand hundreds or thousands of dollars to provide
the key that unscrambles files so you can view and use them again. One
particularly virulent strain, called CryptoWall, has infected about
625,000 systems and encrypted more than 5.25 billion files since
mid-March, according to new research from Dell SecureWorks. One desperate U.S. victim paid the hackers $10,000.
Most malware is like a pickpocket, taking your valuables before you’re aware
of it. CryptoWall and other ransomware is like a mugger: your money or
your files. It’s smart, really, because in most cases, your files are
most valuable to you. It’s also easy money for hackers, a lot less work
than trying to sell 40 million purloined card numbers on the black
market, a la the Target breach. Keith Jarvis, a SecureWorks researcher
in Atlanta, found that 1,683 CryptoWall victims forked over a total of
$1.1 million to the hackers.
“There’s nothing going on in the back end for these guys, they
just sit back and wait for the money to come in,” says Jarvis. “They
don’t have to paw through the data, they don’t have to figure out how to
sell it.”
The stickup artists have also gotten a lot better at
the scam in recent months. Ransomware started surfacing a few years ago,
designed to lock your computer screen and demand money to get access
back, says Jarvis. It was a bluff, though; the hackers might claim your
files were encrypted, but they weren’t. Victims could break the lock
with security software. The criminals relied on ignorance and threats of
legal action for illegal downloads of movies or pornography to cow
people into paying.
A more powerful version emerged last September
called CryptoLocker, which, as the name suggests, really did encrypt
files. If you didn’t pay, you lost your files forever. CryptoLocker
spread to more than 530,000 machines, reaping $3 million for the group
behind it, according to Fox-IT, before the infrastructure it relied on got taken down as part of a massive law enforcement effort in late May.
TDHServices, a small construction company
near Houston that specializes in doors and frames, got hit in October.
An office worker set the malware loose by clicking on an e-mail
attachment, and within 24 hours up to 40,000 files on the company’s
server and its cloud backup files were encrypted, says Julian Ramos,
TDH’s vice president and the son of the company’s founder.
“We had 15 years’ worth of work in that server,” he says.
The screen displayed on the compromised computer had an ominous-looking
timer that counted down from 72 hours, the ransom deadline, Ramos
remembers. He quickly figured out he wasn’t going to be able to break
it, and his father paid the $300 demanded. The thieves kept their end of
the bargain and decrypted the company’s files. If they hadn’t,
TDHServices might now be out of business.
“I don’t know what the threshold is where we would have said
no,” Ramos says. “I think we probably would have paid up to every penny
we all had, because every file is important.”
CryptoWall is the
latest ransomware du jour, and it also does the encryption right. Unless
you have backups somewhere unconnected to your computer or server,
there’s no way to get your files without paying. Rates vary; SecureWorks
saw one victim shell out $10,000, but most paid $500 to $1,000.
Although large enterprises may have enough protections in place to foil
ransomware on their networks, small businesses and individuals often
don’t, Jarvis says. Adding to the headache: The CryptoWall group
requires payment in Bitcoin, which most people and businesses don’t use.
More traditional ransomware varieties are also on the rise. Kovter, one of
the screen-locking types, reached a high of 43,713 infections on a
single day in June, according to security company Damballa. For the third quarter so far, the peak count for a single day has already surpassed that, at 59,589.
At TDHServices, no one in the office opens anything unless they recognize
it, and the cloud file backup has its own backup. Just to be safe, Ramos
also copies everything to a separate external hard drive on Fridays,
before he leaves.
“We saw a police report that said don’t
pay ’em,” Ramos says. “And I thought, ‘That’s easy for you to say, it’s
not your business that’s on the line.’”