Beware of ransomware, the latest cybercrime epidemic

A computer scam making the rounds could cost you hundreds of dollars or the ability to access your most precious pictures and sensitive files.

It’s called ransomware. It’s a type of malware that locks up computers or computer files and won’t allow users to access them unless they pay up.

“It’s heartbreaking,” said Jeremy Buschine, the director of IT service and repair at ClickAway, a Northern California chain of computer repair shops. “It’s about as close to cyberterrorism as I’ve ever seen.”

Ransomware works like other types of malware. It’s malicious software that typically gets onto users’ computers when they open email attachments that have it embedded, visit infected Web pages or download certain software. But unlike those other types of malware, ransomware uses encryption to scramble users’ files. While users might be able to delete the ransomware after their machine has been infected, they often can’t unscramble their data without the hackers’ help.

Ransomware’s been around for a while – the first prototype was described in the 1990s, according to security researchers – but it’s become a huge problem in just the last six months. Security researchers have noted a huge uptick in the number of actual and attempted infections and in the types of ransomware circulating in the wild.

“Beginning this year, it really became an epidemic,” said Ryan Naraine, head of the global research and analysis team at Kaspersky Lab, a security software company.

In recent months, hospitals, schools and even police offices have been hit with ransomware. In February, for example, Hollywood Presbyterian Medical Center in Los Angeles acknowledged that it paid cybercriminals $17,000 to unlock its computers after they were infected with ransomware.

(In March, Fresno State warned that university accounts were receiving ransomware emails.)

Cybercriminals are glomming on to ransomware, because it often works and it makes them money, security experts say. And it’s been boosted by two technical advances. In late 2013, CryptoLocker, a malware tool that encrypts the files of infected computers, started circulating. More recently, criminals have begun selling ransomware software on the so-called Dark Web, allowing even those without a technical background to get into the cyberransom game.

Windows users are the most at risk; the vast majority of ransomware targets PCs. But users of other devices aren’t immune. Researchers have seen ransomware circulating on the Internet that targets Mac computers and Android smartphones and tablets.

Because there’s often no way to treat a ransomware-infected computer, the best way to defend yourself is to practice basic computer hygiene, including running anti-virus software, keeping that and other software on your computer up-to-date and making frequent backups of your data to a drive or service that is typically disconnected from your machine.

That last bit is important, because the latest versions of ransomware can infect not just your main hard drive, but any external drives that are attached and online storage services like Dropbox that appear to be external folders or drives.

“A backup solves all sorts of ills,” said Bruce Schneier, chief technology officer at Resilient Systems, an IBM-owned security company. “You can save a lot of money by building a better system before you’re infected.”

Troy Wolverton is a technology columnist for the San Jose Mercury News. Read more at twolverton@mercurynews.com, @troywolv

Ransomware on the rise

  • By the end of 2014, there were only 16 main families, or types, of ransomware in the wild, according to Malwarebytes. Last year, there were 27 new ones. In the first quarter of this year alone there were 15 new families added.
  • About 60 percent of the malware infections encountered by anti-virus company Malwarebytes are now ransomware.
  • The number of ransomware infections detected by Enigma Software’s SpyHunter software in the United States jumped by 158 percent just between March and April of this year.
  • In the first quarter of this year, Kaspersky’s anti-virus software blocked ransomware from installing on the computers of 372,602 users, up by 30 percent from the previous quarter.
  • Some 2,453 ransomware complaints were filed with the FBI’s Internet Crime Complaint Center last year, with reported losses tallying more than $25 million.

Source: Mercury News research

What to do if your computer is infected

Here are some tips on dealing with ransomware if you don’t have a backup:

  • Disconnect your computer. In some cases, if you detect the infection early enough, you can minimize the damage by taking your PC offline.
  • Determine the scope of the infection. If you stop the infection in time, the ransomware may not lock up all your files. If you can live without the ones you lost, back up what’s left and clear the infection.
  • Look for a countermeasure. If you determine the type of ransomware, you can sometimes find software that will decrypt your files.
  • Consult with a computer technician or repair shop. A technician may be able to help you recover your files, particularly if the malware attack is relatively unsophisticated.
  • Pay the ransom. This should be your last resort. The FBI advises against it, warning it only encourages criminals. And there’s no guarantee if you pay the ransom that the hackers will give you either the key needed or sufficient time to recover all your files. But if you can’t get access to your files any other way and your business depends on them or they include irreplaceable items, like the first video of your kid walking, you may have no other choice.

Source: Mercury News research