Pay the ransom or lose your files
Ransom demands such as this may indicate a malware or ransomware infection.
By Brian Gaspard and Robert C. McDonald
Brian Gaspard is the owner of Image Networks in San Antonio, which provides IT and computing solutions for companies throughout San Antonio and Wilson County. Gaspard recently aided a local business in recovering from a ransomware attack and shares his insight here.
Computer attacks are nothing new, but a new class of malware known as “ransomware” may have people questioning just how secure their business and personal computer systems really are. This particular malware is spreading rapidly, and at least one local business has discovered how destructive it can be.
Jack Rice, president of the Texaloy Foundry Co. in Floresville, confirmed that such an attack recently occurred with his company’s computer network. Rice said that two computers were infected, and while he paid the first ransom of $500, he refused further such demands. In Texaloy’s case, paying the first ransom retrieved about 70 percent of the company’s files, while the remaining 30 percent were left encrypted.
Ransomware is a class of malware that holds certain aspects of a computer “hostage,” and demands a payment. It works through email attachments. The old style of ransomware many people may have seen displayed bogus alerts from the FBI, CIA, or other government agency. They stated that the computer was used for illegal activities, and thus had been locked. The alerts demand a payment as a “fine” to unlock the computer and return control to the user. While these infections have been around a long time, they are rarely destructive, and can generally be removed by any good antivirus software.
A few years back, the developers of these applications figured out how to use the same type of infections to encrypt files on the computer. While the antivirus software could remove the infection, it could not decrypt the files. Users were often stuck paying the ransom to decrypt the files.
About a year ago, a new class of ransomware, known as “cryptolocker” or “cryptowall,” started to make the rounds. These programs work in much the same way, encrypting a computer’s files and then displaying a message that demands a payment. The biggest difference with these newer types is that they have a prebuilt application. This means anybody with an Internet connection can become a ransomware vendor. That means infection rates are much higher. Another big difference is that these newer applications not only encrypt files on the victim’s computer, but also on any computer attached to the same network.
Unfortunately, antivirus software has become easy for virus writers to work around. Symantec, a leading antivirus vendor, even declared antivirus software “dead.” This means that relying on antivirus software alone will not work in most cases.
Ransomware infections work through email attachments. These emails usually appear to come from a user within the company, and the attachment looks like a simple PDF. After the program has done its damage and has encrypted all the files on the network, the user is presented with the demand page. These pages often display a clock and indicate that after a period of time the rate will double. Eventually, if nothing is done, the criminals will delete the encryption keys from their servers, and file recovery becomes impossible.
In addition, because each infection is unique, it’s possible for multiple network users to be infected. This means that the files on the network can be encrypted twice or more. So while the company or user may decide to pay for one decryption, getting everything back may require additional ransoms.
Prevention is usually pretty easy, though, if users pay attention to what they are doing, and do not open attachments unless they are expecting them.
The vast majority of infections are geared toward Windows-based computers, so running a computer without Windows is usually a good way to prevent attacks. The Macintosh operating system is one way, but can be costly to those not already running Macs. In addition, most business software today runs only on Windows. This makes converting to Mac unfeasible for many businesses.
There are many other ways to combat such attacks, though, ranging from simple to complex. Texaloy now utilizes a complex system, including both Windows- and Linux-based computers meant to isolate email and web traffic from the rest of the company’s network. While this may not be a solution for everyone, there are some simple preventive measures anyone can take.
To help combat these attacks, and the ensuing loss of data, companies and individuals should be diligent about backing up their files. It’s a good idea to make backups on multiple devices that are both physically and logically disconnected from the network, at least periodically. External hard drives that are swapped out regularly are also good. Cloud backups can work, but since a cloud backup usually stays connected to the network, it’s possible for the backup software to actually overwrite good files with encrypted ones. It’s also advisable to have multiple people check the backups periodically to ensure they are working.
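The risk of a connected backup overwriting good files with encrypted ones can be reduced by checking the live files against the last good backup before each run. The Python sketch below is an added example, not part of the original article; the function names and both thresholds are assumptions chosen for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 = constant, 8.0 = random-looking)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def snapshot(root: str) -> dict:
    """Map each file's relative path to (sha256 hex digest, entropy)."""
    out = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            out[os.path.relpath(full, root)] = (
                hashlib.sha256(data).hexdigest(), entropy(data))
    return out

def safe_to_overwrite(previous: dict, current: dict,
                      max_suspect_ratio: float = 0.3, entropy_jump: float = 2.0):
    """Return (ok, suspect_paths) for a planned backup run.

    A file is suspect if it vanished since the last good backup (encrypted
    copies are often renamed) or if its content changed and its entropy rose
    sharply, as happens when text is replaced by ciphertext. Both thresholds
    are assumed values to tune per site.
    """
    suspect = []
    for path, (old_hash, old_ent) in previous.items():
        if path not in current:
            suspect.append(path)
            continue
        new_hash, new_ent = current[path]
        if new_hash != old_hash and new_ent - old_ent >= entropy_jump:
            suspect.append(path)
    ratio = len(suspect) / len(previous) if previous else 0.0
    return ratio <= max_suspect_ratio, sorted(suspect)

def demo():
    """Constructed sample: four text files, three then replaced by random bytes."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(4):
            with open(os.path.join(root, f"doc{i}.txt"), "w") as fh:
                fh.write(f"Invoice {i}: total due 500 dollars\n" * 100)
        last_good = snapshot(root)
        for i in range(3):  # stand-in for in-place encryption
            with open(os.path.join(root, f"doc{i}.txt"), "wb") as fh:
                fh.write(os.urandom(4096))
        return safe_to_overwrite(last_good, snapshot(root))
```

Files that are already compressed (ZIP archives, JPEG images) start near maximum entropy, so this check will not see a jump for them; keeping older backup versions and offline copies remains necessary.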
Malware is not going away anytime soon, and everyone should be mindful of the damage it can do. Educating users about the dangers of opening attachments, while remaining diligent about backing up files, are two simple first steps in the right direction.
Look for more on this in a coming issue of the Wilson County News.
August 2, 2014 4:30pm