DATA DUMP: Do not let extortionists lock you out of your computer

John Barker

At some point, I think we’ve all locked ourselves out of the house or our car.  It’s annoying.  You typically call a family member or friend who will bring your second set of keys.  In the most extreme circumstances, you call a locksmith.  

Now imagine a situation where you find yourself locked out of your computer files and there isn’t a second set of keys or a locksmith to save the day. Your files have just been encrypted with a key you don’t have access to. You have two choices: either lose the files or pay the extortionist’s fee. The clock is ticking, since you only have a few days to figure it out before your data is lost forever. You’ve just been hit by ransomware, and it’s causing havoc in the computing world.

Ransomware has been making big news with WannaCry, a ransomware variant that was exploiting older, unpatched operating systems. Ransomware goes by many different names as “hacker extortionists” continue to evolve the code. They continue to find new software and hardware security holes to exploit, creating a never-ending game of cat and mouse.

The medical industry has been hardest hit, with patient files getting locked. But with a minute of research, you will find that almost every industry that stores significant amounts of personally identifiable information (PII) has been a specific target. Targets also include institutions with large technological footprints that are slow to upgrade their systems or fail to ensure that patching takes place on a regular basis. Ransomware attacks are costly, at an estimated $1 billion annually.

These steps will help protect you and your business from possible extortion.

  1. Keep your operating system and application software fully up-to-date with security patches.  Viruses take advantage of holes discovered in the code, so it is important to plug the holes.
  2. Check that your anti-virus program includes email attachment scanning for viruses and spam.  For business, evaluate a third-party solution such as Barracuda Networks that will instantly open and close email attachments, scanning for advanced threats before sending them on to the end user.
  3. No spam solution is 100% effective.  If you receive an unexpected email with an attachment, or one that asks you to provide personal information via email, do not click the link.  You can use your mouse to hover over the link in the email to see if the URL matches the company name.
  4. Pay careful attention to slight misspellings in URL names.  The website could be a fake clone.
  5. Implement a robust business continuity plan or backup solution.  Newer technology will allow you to take snapshots of your critical data (including the entire operating system) on an hourly basis so you can roll back to a point before the infection took place.  At a minimum, you want a backup solution that will allow you to keep multiple snapshots of your files.

If you have already been hit with ransomware, all is not necessarily lost, depending on the version you have been infected with. Many of the main antivirus vendors have pooled together to share the private keys they have been able to recover. A quick Google search for “Ransomware Decryptor” will provide a list of free tools that will attempt to unlock your files. It won’t be 100%, but it’s worth a try.

The main message here is that hardware and software are cheap, but years of lost data are very expensive to recreate. Take the time to put procedures and tools in place to minimize your risk.

Jeff Say is the editor for the Culpeper Times. He can be reached at jsay@culpepertimes.com