Pay the ransom or lose your files
Ransom demands such as this may indicate a malware or ransomware infection.
By Brian Gaspard and Robert C. McDonald
Brian Gaspard is the owner of Image Networks in San Antonio, which provides IT and computing solutions for companies throughout San Antonio and Wilson County. Gaspard recently aided a local business in recovering from a ransomware attack and shares his insight here.
Computer attacks are nothing new, but a new class of malware known as “ransomware” may have people questioning just how secure their business and personal computer systems really are. This particular malware is spreading rapidly, and at least one local business has discovered how destructive it can be.
Jack Rice, president of the Texaloy Foundry Co. in Floresville, confirmed that such an attack recently occurred with his company’s computer network. Rice said that two computers were infected, and while he paid the first ransom of $500, he refused further such demands. In Texaloy’s case, paying the first ransom retrieved about 70 percent of the company’s files, while the remaining 30 percent were left encrypted.
Ransomware is a class of malware that holds certain aspects of a computer “hostage,” and demands a payment. It works through email attachments. The old style of ransomware many people may have seen displayed bogus alerts from the FBI, CIA, or other government agency. They stated that the computer was used for illegal activities, and thus had been locked. The alerts demanded a payment as a “fine” to unlock the computer and return control to the user. While these infections have been around a long time, they are rarely destructive, and can generally be removed by any good antivirus software.
A few years back, the developers of these applications figured out how to use the same type of infections to encrypt files on the computer. While the antivirus software could remove the infection, it could not decrypt the files. Users were often stuck paying the ransom to decrypt the files.
About a year ago, a new class of ransomware, known as “cryptolocker” or “cryptowall,” started to make the rounds. These programs work in much the same way, encrypting a computer’s files and then displaying a message that demands a payment. The biggest difference with these newer types is that they have a prebuilt application. This means anybody with an Internet connection can become a ransomware vendor. That means infection rates are much higher. Another big difference is that these newer applications not only encrypt files on the victim’s computer, but also on any computer attached to the same network.
Unfortunately, antivirus software has become easy for virus writers to work around. Symantec, a leading antivirus vendor, even declared antivirus software “dead.” This means that relying on antivirus software alone will not work in most cases.
Ransomware infections work through email attachments. These emails usually appear to come from a user within the company, and the attachment looks like a simple PDF. After the program has done its damage and has encrypted all the files on the network, the user is presented with the demand page. These pages often go on to display a clock and indicate that after a period of time the rate will double. Eventually, if nothing is done, the criminals will delete the encryption keys from their servers, and file recovery becomes impossible.
In addition, because each infection is unique, it’s possible for multiple network users to be infected. This means that the files on the network can be encrypted twice or more. So while the company or user may decide to pay for one decryption, getting everything back may require additional ransoms.
Prevention is usually pretty easy, though, if users pay attention to what they are doing, and do not open attachments unless they are expecting them.
The vast majority of infections are geared toward Windows-based computers, so running a computer without Windows is usually a good way to prevent attacks. The Macintosh operating system is one way, but can be costly to those not already running Macs. In addition, most business software today runs only on Windows. This makes converting to Mac unfeasible for many businesses.
There are many other ways to combat such attacks, though, ranging from simple to complex. Texaloy now utilizes a complex system, including both Windows- and Linux-based computers meant to isolate email and web traffic from the rest of the company’s network. While this may not be a solution for everyone, there are some simple preventive measures anyone can take.
To help combat these attacks, and the ensuing loss of data, companies and individuals should be diligent about backing up their files. It’s a good idea to make backups on multiple devices that are both physically and logically disconnected from the network, at least periodically. External hard drives that are swapped out regularly are also good. Cloud backups can work, but since a cloud backup usually stays connected to the network, it’s possible for the backup software to actually overwrite good files with encrypted ones. It’s also advisable to have multiple people check the backups periodically to ensure they are working.
Malware is not going away anytime soon, and everyone should be mindful of the damage it can do. Educating users about the dangers of opening attachments and remaining diligent about backing up files are two simple first steps in the right direction.
Look for more on this in a coming issue of the Wilson County News.
August 2, 2014 4:30pm