City of Durham avoids ransomware threat by backing up data

Ransomware has been detected twice in Durham's city departments since Friday, according to city officials.

Posted 10:01 p.m. Feb 23, 2016 — Updated 2:26 p.m. Feb 24, 2016

DURHAM, N.C. — Ransomware, a form of computer virus that discreetly corrupts files, and, as the name indicates, demands that a target pay for those files to be restored, has been detected twice on Durham’s city computers since Friday, according to city officials.

Discreet and dangerous, ransomware can quietly infiltrate and target a computer’s digital record. It can infiltrate a computer through a visit to a website or by the click on an unsafe email.

Pam Guidry-Vollers of The Computer Cellar in Durham said the software attacks the most frequently used files first, making them unreadable.

“It hides in the background; it runs without you knowing it, but what it’s doing is slowly encrypting your files,” Guidry-Vollers said.

In Durham, one computer was reported corrupted on Friday, and another was reported on Tuesday.

The City of Durham did not have to pay a ransom to restore the data because it had ready access to back-up files.

“It does it for a certain amount of time before it will pop up with a message that will say, “Hey, you need to pay us x amount of money to be able to get your stuff back,’” Guidry-Vollers said.

In many cases, there is no option but to pay; the FBI has even recommended payment as the best solution.

Because no one has figured out how to combat the ever-changing code that ransomware users generate, it’s easier to pay the fee, Guidry-Vollers said.

Kerry Goode, of Durham Technical Services, said there was no ransom demand when the software attacked their system on Friday.

"Friday it was reported to our service desk that they couldn’t access the information – an employee in one of the departments," Goode said. "At that point we looked into it; my staff did and they found that it was legitimate."

Goode said the city was able to restore its files without a ransom because – unlike some victims of ransomware – its back-up system remained intact.

“We back up multiple times during a day. We go back about 90 days of backup,” Goode said. “We have very robust backups. When you have to pay it is when you don't have a backup. I'd say in the event you do not have a backup you have no choice, but we have good backups.”

In many cases – because ransomware is so discreet – a computer’s back-up files also end up corrupted, leaving only one option if files want to be returned – paying the fee.

Antivirus software creator Symantec says there have been 100,000 cases of recorded ransomware attacks before January 2013. By the end of 2013, the number skyrocketed to 600,000.

Suggest A Correction