Beware of ransomware, the latest cybercrime epidemic

May 20, 2016 by Troy Wolverton, The Mercury News
Credit: George Hodan/Public Domain

A computer scam making the rounds could cost you hundreds of dollars or the ability to access your most precious pictures and sensitive files.

It's called ransomware. It's a type of malware that locks up computers or computer files and won't allow users to access them unless they pay up.

"It's heartbreaking," said Jeremy Buschine, the director of IT service and repair at ClickAway, a chain of computer repair shops headquartered in Silicon Valley. "It's about as close to cyberterrorism as I've ever seen."

Ransomware works like other types of malware. It's malicious software that typically gets onto users' computers when they open email attachments that have it embedded, visit infected Web pages or download certain software. But unlike those other types of malware, ransomware uses encryption to scramble users' files. While they might be able to delete the ransomware after their machine's been infected, they often can't unscramble their data without the hackers' help.

Ransomware's been around for a while - the first prototype was described in the 1990s, according to - but it's become a huge problem in just the last six months. Security researchers have noted a huge uptick in the number of actual and attempted infections and in the types of ransomware circulating in the wild.

"Beginning this year, it really became an epidemic," said Ryan Naraine, head of the global research and analysis team at Kaspersky Lab, a security software company.

In recent months, hospitals, schools and even police offices have been hit with ransomware. In February, for example, Hollywood Presbyterian Medical Center in Los Angeles acknowledged that it paid cybercriminals $17,000 to unlock its computers after they were infected with ransomware.

But individuals as well as institutions are being affected. Helen Tindall, a retired county worker who lives in San Jose, Calif., recently had a computer get hit with a primitive form of ransomware. Tindall, 75, allowed someone purporting to be a "Microsoft-certified technician" who reached her by phone to have remote access to her computer to supposedly fix the problems he said were coming from it. But instead of fixing any problems, the so-called technician installed software that flashed a message warning of other problems and gave a 1-800 number to call. When Tindall called the number, the helpful people who answered demanded $400 to remove the software they had installed on her machine.

Fortunately for Tindall, the malware the hackers installed on her computer didn't encrypt her files, which included some art photographs she had taken. She was able to take her computer to an actual technician at the Geek Squad, Best Buy's in-house repair service, who was able to recover her files and delete the malware from her machine. But the ordeal cost her around $200 and a lot of stress.

"I couldn't go to sleep," she said.

Others aren't so lucky. A Bay Area attorney who is a client of the Cheap Squad, a small computer repair shop in downtown San Jose, had his work computers with his case files on them infected with ransomware. Feeling like he didn't have a choice, the attorney paid the $500 ransom to get the key to unlock his files. But the key only unlocked the files for a limited time, which wasn't long enough for the attorney to recover them all. He ended up paying another $500 to get more time to transfer them.

Not that long ago, the Cheap Squad would only see about one case of ransomware every three months, said owner Jeremy Prader. Now, though, the shop is seeing about two cases every week.

"It's definitely jumped up a lot," Prader said. "And it's only going to get worse."

Cybercriminals are glomming on to ransomware, because it often works and it makes them money, security experts say. And it's been boosted by two technical advances. In late 2013, CryptoLocker, a malware tool that encrypts the files of infected computers, started circulating. More recently, criminals have begun selling ransomware software on the so-called Dark Web, allowing even those without a technical background to get into the cyberransom game.

Windows users are the most at risk; the vast majority of ransomware targets PCs. But users of other devices aren't immune. Researchers have seen ransomware circulating on the Internet that targets Mac computers and Android smartphones and tablets.

Because there's often no way to treat a ransomware-infected computer, the best way to defend yourself is to practice basic computer hygiene, including running anti-virus software, keeping that and other software on your computer up-to-date and making frequent backups of your data to a drive or service that is typically disconnected from your machine.

That last bit is important, because the latest versions of ransomware can infect not just your main hard drive, but any external drives that are attached and online storage services like Dropbox that appear to be external folders or drives.

"A backup solves all sorts of ills," said Bruce Schneier, chief technology officer at Resilient Systems, an IBM-owned security company. "You can save a lot of money by building a better system before you're infected."


By the end of 2014, there were only 16 main families, or types, of ransomware in the wild, according to Malwarebytes. Last year, there were 27 new ones. In the first quarter of this year alone there were 15 new families added.

About 60 percent of the malware infections encountered by anti-virus company Malwarebytes are now ransomware.

The number of ransomware infections detected by Enigma Software's SpyHunter software in the United States jumped by 158 percent just between March and April of this year.

In the first quarter of this year, Kaspersky's anti-virus software blocked ransomware from installing on the computers of 372,602 users, up by 30 percent from the previous quarter.

Some 2,453 ransomware complaints were filed with the FBI's Internet Crime Complaint Center last year, with reported losses tallying more than $25 million.

-Source: Mercury News research


What to do if your computer is infected

Here are some tips on dealing with ransomware if you don't have a backup.

-Disconnect your computer. In some cases, if you detect the infection early enough, you can minimize the damage by taking your PC offline.

-Determine the scope of the infection. If you stop the infection in time, the ransomware may not lock up all your files. If you can live without the ones you lost, back up what's left and clear the infection.

-Look for a countermeasure. If you determine the type of ransomware, you can sometimes find software that will decrypt your files.

-Consult with a technician or repair shop. A technician may be able to help you recover your files, particularly if the malware attack is relatively unsophisticated.

-Pay the ransom. This should be your last resort. The FBI advises against it, warning it only encourages criminals. And there's no guarantee if you pay the ransom that the hackers will give you either the key needed or sufficient time to recover all your files. But if you can't get access to your files any other way and your business depends on them or they include irreplaceable items, like the first video of your kid walking, you may have no other choice.
