Skip to content
Link copied to clipboard

What to do if your computer is held up for ransom

It can happen to anyone, including the tech-savvy. You click on a seemingly harmless link, or don't even know what went wrong. Suddenly, you lose access to your own computer, and all your crucial files - or, even worse, files shared by a business.

It can happen to anyone, including the tech-savvy. You click on a seemingly harmless link, or don't even know what went wrong. Suddenly, you lose access to your own computer, and all your crucial files - or, even worse, files shared by a business.

How much would you pay to regain control?

Market testing by the bad guys - yes, the tools of capitalism thrive in the Net's back alleys, just as in Silicon Valley - seems to suggest that consumers will pay from $500 to $700 for an outright ransom demand, and that businesses might fork over thousands.

Ransom? No one is saying, "Your money or your files," like some gangster-movie avatar. But they might as well be, which is why this nasty crime is known as "ransomware."

If your home or office computer gets infected, you can expect to see a stark message demanding payment within 72 hours, says security expert Brian Krebs. "It says, you've got this much time to pay the ransom or you can kiss your files goodbye," says the former Washington Post reporter, who now runs krebsonsecurity.com.

What's driving this? Krebs and Stu Sjouwerman, a Florida security consultant and founder of KnowBe4.com, suggest two big factors. One is the increasing sophistication of so-called social-engineering scams. The other is the role of Bitcoin, the cashless and nearly untraceable online payment system favored by the lawless along with anti-central-bank ideologues.

Social engineering works both online and off, as the tech-support scam that snared a newspaper colleague illustrates.

Purportedly from Microsoft, the call came with a warning that his computer was virus-infested and a request to grant the scammer control to fix it - just as a Help Desk staffer might do at your office.

Why might someone succumb? That's where the social engineering comes in - perhaps aided by the trove of personal data traded on the black market thanks to data breaches.

The scammer won my colleague's trust by mentioning details identifying him and his computer. In exchange for cleaning it, the scammer said, all he wanted was access to a bank account to take a payment.

Say no, as my colleague did, and the call can turn nasty - especially if you discover that your password has been changed. Since 2012, the Federal Trade Commission has shut down eight groups of tech-support scammers - including six overseas and two in Florida. Those two alone bilked $120 million from victims.

Ransomware is a bigger threat, if harder to pin down. "Companies don't ever like to talk about getting hacked, and they certainly don't like to admit when they've been put in a very untenable situation," Krebs says. Some decide to pay rather than fight.

Last June, when Justice Department officials announced criminal charges against a gang of Russian and Ukrainian hackers behind the Gameover Zeus Botnet, they said it had been used in part to spread ransomware called Cryptolocker to more than 234,000 computers.

Since Bitcoin's wallets are anonymously owned but publicly visible, that case yielded a clue to the size of ransomware's threat: "The team that took this down originally saw - holy moly, these people made $27 million," Sjouwerman told me.

Bitcoin poses other problems for victims, who are unlikely to have accounts. "They don't know how to get money into the system, and the clock starts ticking," Krebs says. As a deadline nears, the demand can escalate.

Antivirus software can backfire by erasing a key file needed for decryption.

So what does help? Sjouwerman, whose company helps harden firms against vulnerabilities, says such awareness is key, and offers two tips.

One is to guard against spam or phishing e-mails that open a door to malware. "If you didn't ask for it, don't click it," he says.

The other is to maintain careful backups, isolated from intruders. If you can restore your own files, you can just say no to the demand for ransom.

215-854-2776 @jeffgelles