Pay the ransom or lose your files
Ransom demands such as this may indicate a malware or ransomware infection.
By Brian Gaspard and Robert C. McDonald
Brian Gaspard is the owner of Image Networks in San Antonio, which provides IT and computing solutions for companies throughout San Antonio and Wilson County. Gaspard recently aided a local business in recovering from a ransomware attack and shares his insight here.
Computer attacks are nothing new, but a new class of malware known as “ransomware” may have people questioning just how secure their business and personal computer systems really are. This particular malware is spreading rapidly, and at least one local business has discovered how destructive it can be.
Jack Rice, president of the Texaloy Foundry Co. in Floresville, confirmed that such an attack recently occurred with his company’s computer network. Rice said that two computers were infected, and while he paid the first ransom of $500, he refused further such demands. In Texaloy’s case, paying the first ransom retrieved about 70 percent of the company’s files, while the remaining 30 percent were left encrypted.
Ransomware is a class of malware that holds certain aspects of a computer “hostage,” and demands a payment. It works through email attachments. The old style of ransomware many people may have seen displayed bogus alerts from the FBI, CIA, or other government agency. They stated that the computer was used for illegal activities, and thus had been locked. The alerts demand a payment as a “fine” to unlock the computer and return control to the user. While these infections have been around a long time, they are rarely destructive, and can generally be removed by any good antivirus software.
A few years back, the developers of these applications figured out how to use the same type of infections to encrypt files on the computer. While the antivirus software could remove the infection, it could not decrypt the files. Users were often stuck paying the ransom to decrypt the files.
About a year ago, a new class of ransomware, known as “cryptolocker” or “cryptowall,” started to make the rounds. These programs work in much the same way, encrypting a computer’s files and then displaying a message that demands a payment. The biggest difference with these newer types is that they have a prebuilt application. This means anybody with an Internet connection can become a ransomware vendor. That means infection rates are much higher. Another big difference is that these newer applications not only encrypt files on the victim’s computer, but also on any computer attached to the same network.
Unfortunately, antivirus software has become easy for virus writers to work around. Symantec, a leading antivirus vendor, even declared antivirus software “dead.” This means that relying on antivirus software alone will not work in most cases.
Ransomware infections work through email attachments. These emails usually appear to come from a user within the company, and the attachment looks like a simple PDF. After the program has done its damage and has encrypted all the files on the network, the user is presented with the demand page. They often go on to display a clock, and indicate that after a period of time the rate will double. Eventually, if nothing is done, the criminals will delete the encryption keys from their servers, and file recovery becomes impossible.
In addition, because each infection is unique, it’s possible for multiple network users to be infected. This means that the files on the network can be encrypted twice or more. So while the company or user may decide to pay for one decryption, getting everything back may require additional ransoms.
Prevention is usually pretty easy, though, if users pay attention to what they are doing, and do not open attachments unless they are expecting them.
The vast majority of infections are geared toward Windows-based computers, so running a computer without Windows is usually a good way to prevent attacks. The Macintosh operating system is one way, but can be costly to those not already running Macs. In addition, most business software today runs only on Windows. This makes converting to Mac unfeasible for many businesses.
There are many other ways to combat such attacks, though, ranging from simple to complex. Texaloy now utilizes a complex system, including both Windows- and Linux-based computers meant to isolate email and web traffic from the rest of the company’s network. While this may not be a solution for everyone, there are some simple preventive measures anyone can take.
To help combat these attacks, and the ensuing loss of data, companies and individuals should be diligent about backing up their files. It’s a good idea to make backups on multiple devices that are both physically and logically disconnected from the network, at least periodically. External hard drives that are swapped out regularly are also good. Cloud backups can work, but since a cloud backup usually stays connected to the network, it’s possible for the backup software to actually overwrite good files with encrypted ones. It’s also advisable to have multiple people check the backups periodically to ensure they are working.
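The overwrite risk described above can be checked before a backup run replaces the previous copy. The following Python code is an added example, not part of the original article or of any backup product; the function names, the 7.5 bits-per-byte entropy threshold and the 20 percent limit are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

SAMPLE_BYTES = 64 * 1024   # assumption: the first 64 KiB of a file is a fair sample
ENTROPY_LIMIT = 7.5        # assumption: bits per byte; encrypted data sits near 8.0

def entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def read_sample(path: str) -> bytes:
    with open(path, "rb") as fh:
        return fh.read(SAMPLE_BYTES)

def suspicious_files(source_dir: str, backup_dir: str) -> list:
    """Files whose backup copy was low-entropy but whose live copy is now
    high-entropy, i.e. readable data that turned into random-looking bytes."""
    flagged = []
    for root, _dirs, files in os.walk(source_dir):
        for name in files:
            live = os.path.join(root, name)
            rel = os.path.relpath(live, source_dir)
            old = os.path.join(backup_dir, rel)
            if not os.path.isfile(old):
                continue  # new file: there is no good copy to overwrite
            new_s, old_s = read_sample(live), read_sample(old)
            if new_s != old_s and entropy(old_s) < ENTROPY_LIMIT <= entropy(new_s):
                flagged.append(rel)
    return sorted(flagged)

def safe_to_overwrite(source_dir: str, backup_dir: str,
                      max_fraction: float = 0.2) -> bool:
    """False when too many previously readable files now look encrypted;
    the backup job should then keep the old copy and alert a person."""
    total = sum(len(files) for _r, _d, files in os.walk(backup_dir))
    if total == 0:
        return True  # first backup: nothing to protect yet
    return len(suspicious_files(source_dir, backup_dir)) / total <= max_fraction
```

Files that are already compressed (ZIP, JPEG, DOCX) are high-entropy to begin with and are not flagged by this comparison, and files the malware has renamed will not match their backup copy by path, so a check like this complements disconnected backups rather than replacing them.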
Malware is not going away anytime soon, and everyone should be mindful of the damage it can do. Educating users about the dangers of opening attachments, while remaining diligent about backing up files, are two simple first steps in the right direction.
Look for more on this in a coming issue of the Wilson County News.
August 2, 2014 4:30pm