A type of malware that holds a user's computer files hostage has claimed at least a million victims, ranging from individuals to small businesses to, in at least one case, a local sheriff’s department. Security expert say hackers have been using CryptoWall, a family of “ransomware” programs that "lock up" files on a computer, to extort money from computer owners. The Dickson County, Tennessee, sheriff’s office recently paid $622 in bitcoin to hackers who encrypted the department’s criminal case files, making them inaccessible to investigators.
The sheriff’s office had no choice but to pay the ransom to get back access to its files, said Detective Jeff McCliss. "It really came down to a choice between losing all of that data and being unable to provide the vital services that that data would've assisted us in providing the community versus spending 600-and-some-odd dollars to retrieve the data," McCliss told NBC Nightly News. The department was lucky; it got back access to its digital data.
McCliss said he has since heard from other branches of city and county governments that have been victimized by CryptoWall. "There are a lot of other law enforcement agencies out there that have been affected by this sort of thing and specifically with this malware, that don't want their names out there," he said.
Another CryptoWall victim, psychotherapist Valerie Goss, took a different approach when she suddenly discovered that her computer files, including vital client information and tax documents, had been encrypted by hackers who gave her 24 hours to pay a $500 ransom. "I was frantic, you know. I felt like I had a limited amount of time to make a really tough decision," she told NBC Nightly News. Afraid she still might not get her files back, Goss ultimately decided not to pay. She instead bought a new computer and spent about a month trying to restore all the information she lost.
"If none of us paid the ransom, these guys would go out of business."
Experts say Goss did the right thing and that victims should never pay computer hackers’ ransom demands.
"Absolutely not. You are likely never to get your files back,” said Kevin Haley, director of Symantec’s Security Response. “On the positive side, if none of us paid the ransom, these guys would go out of business."
So what’s a computer user to do to minimize the risk of becoming a victim of ransomware?
- Keep your software security updated.
- Don't click on unrecognized emails and websites.
- Back up your files, then disconnect the external hard drives.