Pay the ransom or lose your files
Ransom demands such as this may indicate a malware or ransomware infection.
By Brian Gaspard and Robert C. McDonald
Brian Gaspard is the owner of Image Networks in San Antonio, which provides IT and computing solutions for companies throughout San Antonio and Wilson County. Gaspard recently aided a local business in recovering from a ransomware attack and shares his insight here.
Computer attacks are nothing new, but a new class of malware known as “ransomware” may have people questioning just how secure their business and personal computer systems really are. This particular malware is spreading rapidly, and at least one local business has discovered how destructive it can be.
Jack Rice, president of the Texaloy Foundry Co. in Floresville, confirmed that such an attack recently occurred with his company’s computer network. Rice said that two computers were infected, and while he paid the first ransom of $500, he refused further such demands. In Texaloy’s case, paying the first ransom retrieved about 70 percent of the company’s files, while the remaining 30 percent were left encrypted.
Ransomware is a class of malware that holds certain aspects of a computer “hostage,” and demands a payment. It works through email attachments. The old style of ransomware many people may have seen displayed bogus alerts from the FBI, CIA, or another government agency. They stated that the computer was used for illegal activities, and thus had been locked. The alerts demanded a payment as a “fine” to unlock the computer and return control to the user. While these infections have been around a long time, they are rarely destructive, and can generally be removed by any good antivirus software.
A few years back, the developers of these applications figured out how to use the same type of infections to encrypt files on the computer. While the antivirus software could remove the infection, it could not decrypt the files. Users were often stuck paying the ransom to decrypt the files.
About a year ago, a new class of ransomware, known as “cryptolocker” or “cryptowall,” started to make the rounds. These programs work in much the same way, encrypting a computer’s files and then displaying a message that demands a payment. The biggest difference with these newer types is that they have a prebuilt application. This means anybody with an Internet connection can become a ransomware vendor. That means infection rates are much higher. Another big difference is that these newer applications not only encrypt files on the victim’s computer, but also on any computer attached to the same network.
Unfortunately, antivirus software has become easy for virus writers to work around. Symantec, a leading antivirus vendor, even declared antivirus software “dead.” This means that relying on antivirus software alone will not work in most cases.
Ransomware infections work through email attachments. These emails usually appear to come from a user within the company, and the attachment looks like a simple PDF. After the program has done its damage and has encrypted all the files on the network, the user is presented with the demand page. These pages often go on to display a clock, and indicate that after a period of time, the rate will double. Eventually, if nothing is done, the criminals will delete the encryption keys from their servers, and file recovery becomes impossible.
In addition, because each infection is unique, it’s possible for multiple network users to be infected. This means that the files on the network can be encrypted twice or more. So while the company or user may decide to pay for one decryption, getting everything back may require additional ransoms.
Prevention is usually pretty easy, though, if users pay attention to what they are doing, and do not open attachments unless they are expecting them.
The vast majority of infections are geared toward Windows-based computers, so running a computer without Windows is usually a good way to prevent attacks. The Macintosh operating system is one way, but can be costly to those not already running Macs. In addition, most business software today runs only on Windows. This makes converting to Mac unfeasible for many businesses.
There are many other ways to combat such attacks, though, ranging from simple to complex. Texaloy now utilizes a complex system, including both Windows- and Linux-based computers meant to isolate email and web traffic from the rest of the company’s network. While this may not be a solution for everyone, there are some simple preventive measures anyone can take.
To help combat these attacks, and the ensuing loss of data, companies and individuals should be diligent about backing up their files. It’s a good idea to make backups on multiple devices that are both physically and logically disconnected from the network, at least periodically. External hard drives that are swapped out regularly are also good. Cloud backups can work, but since a cloud backup usually stays connected to the network, it’s possible for the backup software to actually overwrite good files with encrypted ones. It’s also advisable to have multiple people check the backups periodically to ensure they are working.
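One way to guard against the overwrite problem described above, as an added example that is not part of the original article: before a backup job runs, compare the live files with the last backup and hold the job if files that used to be ordinary documents now look like random data. The function names, the 7.5 bits-per-byte threshold and the limit of two flagged files are assumptions chosen for illustration.

```python
import math
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5    # bits per byte; assumed threshold, encrypted data sits near 8.0
SAMPLE_BYTES = 65536   # only the first 64 KiB of each file is sampled


def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def sample(path: Path) -> bytes:
    with path.open("rb") as fh:
        return fh.read(SAMPLE_BYTES)


def suspicious_changes(source: Path, last_backup: Path) -> list[str]:
    """Files whose backed-up copy was low entropy but whose live copy looks random."""
    flagged = []
    for old in last_backup.rglob("*"):
        if not old.is_file():
            continue
        rel = old.relative_to(last_backup)
        new = source / rel
        if not new.is_file():
            continue  # deleted or renamed; a fuller check would count these too
        before, after = sample(old), sample(new)
        # Ordinary edits change content but keep entropy low; encryption pushes it up.
        if before != after and entropy(before) < ENTROPY_LIMIT <= entropy(after):
            flagged.append(rel.as_posix())
    return sorted(flagged)


def safe_to_back_up(source: Path, last_backup: Path, max_flagged: int = 2) -> bool:
    """False means: leave the old backup untouched and have a person look first."""
    return len(suspicious_changes(source, last_backup)) <= max_flagged
```

Files that are already compressed, such as photos or ZIP archives, have high entropy before and after encryption, so this check does not cover them and is a supplement to disconnected backups rather than a replacement.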
Malware is not going away anytime soon, and everyone should be mindful of the damage it can do. Educating users about the dangers of opening attachments, while remaining diligent about backing up files, are two simple first steps in the right direction.
Look for more on this in a coming issue of the Wilson County News.
August 2, 2014 4:30pm