Local News

City of Durham avoids ransomware threat by backing up data

Posted February 23, 2016
Updated February 24, 2016

— Ransomware, a form of computer virus that discreetly corrupts files, and, as the name indicates, demands that a target pay for those files to be restored, has been detected twice on Durham’s city computers since Friday, according to city officials.

Discreet and dangerous, ransomware can quietly infiltrate and target a computer’s digital record. It can infiltrate a computer through a visit to a website or by the click on an unsafe email.

Pam Guidry-Vollers of The Computer Cellar in Durham said the software attacks the most frequently used files first, making them unreadable.

“It hides in the background; it runs without you knowing it, but what it’s doing is slowly encrypting your files,” Guidry-Vollers said.

In Durham, one computer was reported corrupted on Friday, and another was reported on Tuesday.

The City of Durham did not have to pay a ransom to restore the data because it had ready access to back-up files.

“It does it for a certain amount of time before it will pop up with a message that will say, “Hey, you need to pay us x amount of money to be able to get your stuff back,’” Guidry-Vollers said.

In many cases, there is no option but to pay; the FBI has even recommended payment as the best solution.

Because no one has figured out how to combat the ever-changing code that ransomware users generate, it’s easier to pay the fee, Guidry-Vollers said.

Kerry Goode, of Durham Technical Services, said there was no ransom demand when the software attacked their system on Friday.

"Friday it was reported to our service desk that they couldn’t access the information – an employee in one of the departments," Goode said. "At that point we looked into it; my staff did and they found that it was legitimate."

Goode said the city was able to restore its files without a ransom because – unlike some victims of ransomware – its back-up system remained intact.

“We back up multiple times during a day. We go back about 90 days of backup,” Goode said. “We have very robust backups. When you have to pay it is when you don't have a backup. I'd say in the event you do not have a backup you have no choice, but we have good backups.”

In many cases – because ransomware is so discreet – a computer’s back-up files also end up corrupted, leaving only one option if files want to be returned – paying the fee.

Antivirus software creator Symantec says there have been 100,000 cases of recorded ransomware attacks before January 2013. By the end of 2013, the number skyrocketed to 600,000.


Please with your WRAL.com account to comment on this story. You also will need a Facebook account to comment.

Oldest First
View all
  • Janet Ghumri Feb 24, 2016
    user avatar

    Andy, that is even worse! There is no way to track bit coin? I agree with you that it's probably out of the country. I keep remembering all the hacks that have made big news lately, there's no telling how much information has been compromised.

  • Andy Hairston Feb 24, 2016
    user avatar

    Janet, the fee is paid in bitcoins, which are nearly untraceable. The criminals are almost certainly outside the US, making prosecution nearly impossible, even if caught.

    Interesting set of pictures with this article - a couple generic "hey, fancy tech!" photos, plus a laptop with the most colorful keyboard I've ever seen.

  • Catherine Edwards Feb 24, 2016
    user avatar

    Good for City of Durham. Example of government doing something right.

  • Janet Ghumri Feb 23, 2016
    user avatar

    No option but to pay the fee? ? What are we coming to when the FBI recommends that we pay criminals to get our stuff back? I wish the article would tell us what progress they are making towards tracking these thieves. The money is going somewhere. .. follow the money