5 On Your Side

Regular file backup one solution to ransomware threat

Posted April 27
Updated April 28

According to security experts, as you read this, someone somewhere is clicking a link in an email or activating macros in a malicious document.

And in seconds, every bit of information on their computer – passwords, photos, emails and more – is gone.

The Federal Trade Commission calls "ransomware" one of the most serious online threats.

In a ransomware attack, a malicious actor locks or steals all the files from a computer – which can include banking information, personal photos, saved passwords and confidential business documents – and then asks for money to get them back.

Many of the attacks begin with an email that looks legitimate.

As soon as Tony Cox clicked a link that was supposedly from FedEx about an undeliverable package, his files started disappearing.

"The files were gone, and they were encrypted files under different names," Cox said. "And not only on the computer, but on the hard drive I was copying them from."

Scammers hide ransomware in email, on websites and in apps. When it hits, victims often can't access anything.

One attack on a smartphone threatened to sell some of the owner's personal information on the black market every 30 minutes unless the ransom was paid.

Hackers often demand hundreds or even thousands of dollars, frequently in the virtual currency Bitcoin.

Nationwide, scammers have made ransomware attacks on people, businesses, hospitals, colleges and even police departments.

Experts estimate that victims paid hackers $1 billion in 2016. The Federal Trade Commission says ransomware is currently the most profitable form of malware being used.

Jon Sternstein, the owner of Raleigh-based data consulting firm Stern Security, says it's a huge problem. The attacks have shut down entire companies.

"Studies show that every 40 seconds another business is infected with ransomware," Sternstein said. "Ransomware has spread throughout their entire network and shut down every single computer."

A hospital in Los Angeles was forced to abandon its computers and use paper records because of an attack. In Durham, ransomware was detected twice on the city's computers in 2016.

Victims of ransomware normally get a pop-up message on their screen.


"It will say, 'All your files have been locked, and to get them back, you're going to have to pay a ransom,'" Consumer Reports' Jerry Beilinson said. "We suggest that you not click on the window unless you are willing to pay."

Beilinson says the best defense against ransomware is to keep computer files backed up.

"If you have a recent backup of your data, you probably won't need to pay the ransom," he said. "But if you don't have recent backup, you very well may have to pay the ransom in order to get your files back."

Even those who do pay may not see their device return to normal.

Consumer Reports recommends being very cautious about opening links. Keep your computer's operating system and security software updated. With phones, experts say only download apps from official sites such as Apple or Google Play.

If you are attacked, visit nomoreransom.org. They may be able to point you to a fix that won't require paying up.

Cox had to reformat his hard drives and operating system to get his computer working again. Despite that, he did lose files in the attack. Now, he makes sure to frequently back up his files.

"I am a bit tech savvy, so I do feel a bit embarrassed," he said. "If it happens again, I'm going to be ready."

The FBI says paying ransoms may actually prompt attacks from others, which is why prevention is the best bet.

FBI: Filing a complaint with the IC3

Some experts are predicting that cloud computing services could also be attacked. They say it's a target that could result in ransom payments of millions of dollars.

Another scam to be aware of involves technical support services. Victims will get a pop-up message or phone call allegedly from a well-known company saying it detected a virus or malware on a laptop.

The goal for those scammers is to be given access to your computer, which can be done remotely if you allow it.

