We’ve read news on hackers who stole Social Security numbers and other data from more than 21 million people out of U.S. government computer systems.
And now, we’re hearing more about something called “ransomware” — the latest cyber scam that involves trying to extort money from individuals and business owners by infecting and taking control of the victim’s computer.
Ransomware isn’t just a great plot for a TV series, such as one used several months ago on “The Good Wife” on CBS. It’s a real-life threat for individuals and some businesses. It’s one more reminder of why you need to back up files and should never click on links, open attachments or visit websites if you’re uncertain of their origin.
Basically, the scam artists hold your data — your photos, your music, your other computer files — hostage until you pay up.
The ransom dollars? Victims are being asked to cough up anywhere from $200 to $10,000. Often, victims are asked to use bitcoin to pay the money.
The FBI’s Internet Crime Complaint Center issued a report in late June to warn that ransomware continues to spread, typically through a threat called CryptoWall and its variants.
The FBI’s Internet Crime Complaint Center said that it received 992 CryptoWall-related complaints between April 2014 and June 2015. Victims reported losses totaling more than $18 million.
That’s just one type of ransomware.
“We have seen many more cases of ransomware, especially in the past year,” said Silka Gonzalez, president and chief executive of Enterprise Risk Management, a cybersecurity company in Coral Gables, Fla.
Targets for the scheme, she said, have included smaller law firms, small-to-medium-size entrepreneurs and others who might have less sophisticated protections in place for their computer systems. In some cases, she said, ransoms have been $20,000 to $50,000 for some small businesses.
In addition to ransom dollars, many victims face costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services and the purchase of credit monitoring services for employees or customers, the FBI said.
“Ransomware is incredibly common right now,” said Brian Krebs, who writes about cybercrime and is the author of “Spam Nation.” “This is the malware of choice for people who want to commit cybercrime right now.”
Krebs, who has a blog called KrebsOnSecurity, expects that the number of ransomware victims could be larger than the 1,000 or so indicated in the FBI warning.
“Most computer crimes go unreported, particularly crimes involving ransomware,” Krebs said.
Who wants to admit that they paid a ransom to get their digital information back?
For individuals, the troubles can start if you download free movies or click on attachments. Or hackers can use social engineering to pretend to be someone on your contact list or they can pretend to be from a legitimate company, such as the local utility.
So if you see a site that offers “free” games or movies or access to stolen “Game of Thrones” TV episodes or some super but suspicious bargains for shoppers, it might be a good idea to avoid clicking.
The malware goes through the files, finds what’s valuable and then the victim’s files become encrypted. Once that happens, the consumer or organization is notified and a ransom is demanded.
“It waits until it’s done all the damage,” Krebs said.
If there aren’t backup files, the only options for companies or consumers are to “pay the extortionist or kiss their files goodbye,” Krebs said.
Joseph Steinberg, a cybersecurity expert and chief executive of SecureMySocial in New York, said that typically, individuals can be charged a few hundred dollars for ransom when their digital treasures are held hostage. The larger payments are demanded from businesses.
“Many people for $100 or $200 are not going to take the chance,” he said.
Today’s ransomware scammers often demand payment in bitcoin because the digital currency is easy to use, fast and provides a heightened anonymity for the scammers, according to the FBI warning. Bitcoin makes it tough to trace the scammers, so if the scammers don’t unlock the files, you’re out of luck if you pay the ransom.
Most of us, of course, do not have bitcoin accounts. The ransom countdown clock might be 72 hours.
If it takes longer to move the money to bitcoin, and it could, the scammers could extend the deadline and demand even more money, Krebs said.
“It’s really a tough situation for organizations and individuals to be in,” he said.
Other tips: Update the software that you’ve installed. If you didn’t go looking for some antivirus software, do not install something that comes to you via email.
Experts say to block pop-ups from automatically appearing on your screen so you don’t accidentally click on them.
Always back up the content on your computer.
“If you back up, verify, and maintain offline copies of your personal and application data, ransomware scams will have limited impact on you,” the FBI said.
©2015 Detroit Free Press. Distributed by Tribune Content Agency, LLC.