Beware of ransomware


It is the modern version of pulling a gun on someone and saying, “Stick ‘em up!” Only today thieves are using computers instead of guns to steal money. Smith Drug Co. in Eureka Springs was hit this past week by ransomware, a type of malicious computer code designed to block access to a computer system until a ransom payment is made. The store was unable to fill prescriptions until the problem was resolved.

The Carroll County Sheriff’s office was hit by ransomware in January.

“What they did was encrypt all our information and then sent us a ransom note saying we had to pay them money to get the de-encryption code,” said Carroll County Sheriff Randy Mayfield. “They wanted $2,400 and we paid it. The money went to India. That is why no other agencies could help us, because it was from overseas.”

The payment was made through Bitcoin, which makes transactions difficult to track. Bitcoin operates with no central authority or banks, making it a preferred method of payment for scam artists.

Mayfield said they were successful in getting the decryption code, and have made changes to make sure this type of thing never happens again. “We are changing the way we back up our information. I thought it was backed up, but it was not. We are on a 24-hour backup now.”

Mayfield said they are also educating their staff a lot more about what to be suspicious about on the Internet. Don’t open up sites you are not familiar with or click on links in emails from unknown people. Mayfield said it is difficult because as soon as the “good guys” find a way to block the malicious software, the “bad guys” find a way to get around it.

Frank Cox, Cox Computer Service, said ransomware is a major problem and very costly. He said there are two ways to deal with it. You can pay the money and get the code. Or you can give your hard drive to a computer repair service.

“I need it for a whole day and I can usually get all of the information off of it,” Cox said. “I have to do a full forensic recovery, and then redo the drive system. It’s a mess.”

Cox said ransomware is becoming more of a problem than computer viruses. Viruses can damage or destroy someone’s computer records, but don’t make money for the hacker. Ransomware, by contrast, can be very profitable. In a country like India, where average wages are less than $300 per month, ransomware is considered very lucrative.

Cox recommends an anti-malware program called ESET that he said usually prevents problems.

“ESET is reasonable, $39 per year for a personal computer,” Cox said. “Commercial will be a little more, but not a whole lot more. That is the one I would recommend. But there is no guarantee some hacking might get around it.”

A common fraud is an email message, purporting to be from Microsoft, that says they need access to your computer. If you call the number and give them access to your computer, they may run a fake program that looks like it is scanning for problems but is instead stealing your data.

“They get everything on your machine,” Cox said. “Sometimes they give you the computer back and sometimes they just disappear and the machine is all screwed up. Never respond to email messages like that that claim to be from Microsoft or other companies. Microsoft will never send you a message like that.”

He highly recommends backing up data every day – especially for commercial businesses that are more vulnerable to ransomware attacks. Cox said some of his customers use online backup systems like Carbonite, and others use an external hard drive.

Cox said it is hard to fight ransomware thieves because they are mostly in Third World countries. In some cases, the hackers even use computers they have taken over in other countries to launch the attack.

Travis Clark, Caveman Computer Consulting, said the main line of defense is never clicking on popups or downloading anything from questionable sources.

“If you see a popup, you should assume it is not true no matter what that popup says,” Clark said. “I can pretty much guarantee it is fake. Anybody can make a webpage and make it say whatever they want it to say. Emails are another big one. Basically, if you don’t know 100 percent where it came from, you’re taking a risk. Even if you know the person it’s risky because their email may have been compromised or it may just appear to be from the person you know. Be skeptical of anything you come across and you will be in a lot better shape for it.”

Clark said no anti-virus program is going to be foolproof. But he likes the Malwarebytes Premium version, which has a couple of features called Web Protection and Ransomware Protection that protect from connections to malicious or compromised websites and from ransomware.

“Malwarebytes works well and is easy to use,” he said. Clark also stressed the importance of backups, but said external hard drives connected to the computer can be infected by malware. “Ransomware can encrypt data on external drives plugged into your machine as well. It is best to have a backup that is completely unplugged from your machine, just to be on the safe side.”