Your Money or Your Life

from the April 25, 2016 eNews issue

Jigsaw’s ransom note (Image: Trend Micro)

See, I am sending you out like sheep among wolves. So be as cunning as serpents and as innocent as doves.

Matthew 10:16 (ISV)

Your personal computer is under a greater threat than ever before.

Your Machine Could Catch a Cold

Since you are reading this article, you have at least a measure of computer literacy. You have also been exposed to the hazards that go along with the benefits of the Internet. Besides all the trash, ads, and spam you cannot seem to help but trip across, you also run the risk of your computer catching a virus. It is almost inevitable. Once you connect your computer to the Internet without anti-virus protection, the time it takes for your computer to be infected is, on average, four minutes. (This, of course, depends on many factors.)

In the past, a virus might simply delete files on your machine, requiring your operating system to be reloaded. It could also hijack your Web browser, loading an unfamiliar toolbar every time you used it and always showing you annoying ads.

Most times, these types of viruses could be removed and were irritating at best.

A Whole New Threat

Today there is a new threat taking over computers that is more dangerous than ever. It is called ransomware. Ransomware is a type of malware that prevents or limits users from accessing the files on their computer. Ransomware encrypts the files on the computer, making the files impossible to read. To get their files back, the user has to pay a ransom through a given online payment method. One of the most common forms of ransomware is a program called Cryptolocker.

Encryption message (Image: Trend Micro)

The ransom prices vary, ranging anywhere from $24 to more than $600. Some criminals demand payment in bitcoin, a digital currency. Paying the ransom, however, does not guarantee that the user gets their data back. Many times, the user pays the ransom and gets a useless key in return.

Users may encounter ransomware through a variety of means. Ransomware may be downloaded by visiting a website. It does not have to be a disreputable site to transmit ransomware or any other virus for that matter. A few weeks ago, The Washington Post website was compromised and anyone who visited the site over a 12-hour period contracted a virus. Ransomware can also be delivered to a computer as an attachment to an email, usually delivered as spam.

Once run on the system, usually by opening an attachment, or clicking on a link on a website, ransomware can either (1) lock the computer screen or (2) encrypt files with a password. If it locks the screen, ransomware shows a full-screen image, which prevents victims from using their computer. It also gives instructions on how users can pay the ransom. (Some low-end criminals just try to intimidate you by showing you a scary screen telling you to call a number and give them your credit card information when all you have to do is reboot your machine and the machine will behave normally.) The second type of ransomware locks your data files like documents, spreadsheets and other important files. That can really cause trouble.

A Virus that Mocks You

There is an even newer threat that adds insult to injury: ransomware that mocks you. It is called Jigsaw. This brand of ransomware taunts you by slowly deleting your encrypted files while increasing the ransom demand until you pay for the decryption key. Adding to the injury, if you reboot your PC, the ransomware will delete 1,000 files at once as a reprisal.

The ransomware also uses a countdown timer to show the victim how much time is left before more files get deleted and the ransom demand increases. After 72 hours, the ransomware deletes every encrypted file on the computer. It also changes the extension of every file to “.FUN”. For Jigsaw, the ransom note exists in both English and Portuguese. The Jigsaw hackers list the lowest possible amount that victims can pay before the demand starts increasing, ranging from $20 to $150 in bitcoins.
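As an added illustration (not part of the original article), the renaming and deletion behaviour described above can be spotted by comparing two listings of a folder taken some time apart. The function name, sample paths and 25% threshold are made up for the example, and it assumes the “.FUN” extension is either appended to the old file name or substituted for the old extension.

```python
from pathlib import PurePosixPath

MARKER = ".fun"  # extension named in the article; compared case-insensitively

def diff_snapshots(before, after, alert_ratio=0.25):
    """Compare two listings of file paths taken some time apart.

    Reports files renamed to the marker extension, files that vanished
    outright, and raises an alert when renames are present and the affected
    share of the earlier listing reaches alert_ratio (assumed threshold).
    """
    before, after = set(before), set(after)
    gone = before - after
    # Index vanished files by path-without-extension so that both
    # "budget.xlsx.fun" (appended) and "thesis.FUN" (replaced) can be matched.
    by_stem = {}
    for path in gone:
        by_stem.setdefault(str(PurePosixPath(path).with_suffix("")), []).append(path)
    renamed = {}
    for path in sorted(after - before):
        p = PurePosixPath(path)
        if p.suffix.lower() != MARKER:
            continue
        base = str(p.with_suffix(""))
        if base in gone:                    # marker appended to the old name
            renamed[path] = base
        elif base in by_stem:               # marker replaced the old extension
            renamed[path] = min(by_stem[base])
    deleted = sorted(gone - set(renamed.values()))
    ratio = (len(renamed) + len(deleted)) / len(before) if before else 0.0
    return {"renamed": renamed, "deleted": deleted, "ratio": ratio,
            "alert": bool(renamed) and ratio >= alert_ratio}

# Constructed sample listings (forward-slash paths), not taken from a real system.
HOME = "C:/Users/ana/"
BEFORE = {HOME + f for f in (
    "Documents/budget.xlsx", "Documents/thesis.docx", "Documents/notes.txt",
    "Documents/todo.txt", "Pictures/trip.jpg", "Pictures/cat.png",
    "Music/song.mp3", "Desktop/readme.txt")}
AFTER = {HOME + f for f in (
    "Documents/budget.xlsx.fun", "Documents/thesis.FUN", "Pictures/trip.jpg.fun",
    "Documents/notes.txt", "Documents/todo.txt", "Music/song.mp3",
    "Desktop/readme.txt", "Downloads/party.fun")}  # cat.png is simply gone

if __name__ == "__main__":
    report = diff_snapshots(BEFORE, AFTER)
    for new, old in report["renamed"].items():
        print(f"renamed: {old} -> {new}")
    print("deleted:", report["deleted"], "alert:", report["alert"])
```

A “.fun” file with no matching original, such as the sample `party.fun`, is ignored, so an unrelated file that happens to use the extension does not trigger the alert on its own.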

Little Help from Law Enforcement

People who have been hit with ransomware have had little help from law enforcement. While the official position of the FBI is not to pay a ransom, unofficially they will tell a victim to do what they think is best. Tracing the hacker is very difficult, and finding where the payments end up, especially if it is in bitcoins, is almost impossible. In addition, many of the perpetrators behind the ransom demands are located in Eastern Europe, outside the reach of U.S. extradition agreements.

Health care organizations have recently paid off their ransomware attackers. Several security experts have stated they expect such behavior to drive even more cybercrime gangs to target the health care sector because hospitals are earning a reputation for being relatively easy marks.

Hollywood Presbyterian Hospital found itself a victim of ransomware. On Feb. 5, the hospital staff noticed they had issues accessing patient files. The information technology department began an investigation and determined the hospital was the victim of a ransomware attack. In this case, they paid the ransom. They felt they had no choice; they had to access the patients’ records.

Individuals have fallen victim to this as well. This writer has received panicked phone calls from friends wanting to know what to do when the dreaded ransomware image appears on their screen. Sometimes we have been able to retrieve their files from recent backups. Without a good backup, they have paid the ransom. Others have simply lost their data altogether. This reinforces the value of having current, valid backups.

Avoid Being a Victim

There are a few simple things you can do to avoid falling victim to ransomware.

  • Do not interact with spam email: By clicking links or opening suspicious attachments, you could be inviting ransomware, or other malware, onto your computer. Just delete spam immediately without opening it.
  • Avoid suspicious sites and downloads: Avoid websites that promise free software. Remember, if a website promises a free product… you are the product. Many teens believe that a website that offers free music downloads must be OK. Unless you have a subscription (e.g., Amazon, iTunes) it most likely is not free. Warn the people in your home that websites that offer free downloads may be illegal and may be a source of malware.
  • Protect your computer with good anti-virus software: The software does not have to be expensive. There are some good, reputable anti-virus programs available. Look at this article from PC Magazine for a review of The Best Free Anti-virus Utilities for 2016. Most of these programs offer good basic protection for free and added features for an additional charge.
  • Back up your computer often: Even with an encryption key, ransomware is hard to remove. The best way to recover from a ransomware attack is to have a good backup.
  • Update your operating system: Do not neglect updating your operating system patches. Most Windows and Apple operating systems will prompt you if your system needs to be updated. Some people do not want to take the time to update their computer and simply turn off the machine. DO NOT DO THAT. Let the machine run the updates. Many updates include security updates that will patch vulnerabilities in your system and prevent malware from taking hold.

A certain measure of vigilance will keep your computer safe.

– FROM: KHouse.Org
