Recently, the police in Lincoln County, Maine were faced with a decision: pay an unidentified hacker $300, or lose access to all of the files on their network, which included the types of sensitive information that you might imagine a police department network maintains. The department did decide to pay up, and the FBI was able to track the money to a Swiss bank account, but they got no further. Communications by the hackers are masked using anonymity networks like Tor, which route traffic through many different relays all over the world.
That sort of info is a steal at $300, but what does it mean when even the FBI can’t intervene enough to prevent a police department from paying a ransom?
It’s a scenario that’s been playing itself out at police departments, businesses, and even hospitals over the last several years.
The malicious programs themselves are collectively known as Ransomware, and the frequency and sophistication of the attacks have been growing at an alarming rate, perhaps spurred on by a high rate of success.
How does it work?
Typically, the victim opens an email masquerading as something innocuous (an image, a document, etc.) and unwittingly runs a program that encrypts their files. If they're unlucky enough to be on an office network, or say, a police station's or a hospital's, files on shared drives and other reachable machines may be encrypted and locked as well.
Mobile users have also proved to be vulnerable targets. A Russian ring was recently busted for a Ransomware attack that targeted Android users. Victims would receive text messages or browser notifications masquerading as software updates. An even more brazen version produced a fake FBI notification splash page in the user’s browser.
After infection, the program gives you a set of instructions for payment and a deadline, usually around 72 hours, after which all files will become permanently inaccessible. The payments almost always involve Bitcoin, the digital and mostly untraceable currency that’s been in vogue with hedge fund types and drug dealers.
Who’s affected and what can be done?
Of course, the majority of people affected by these sorts of attacks are just everyday users: you and me on an increasingly risky web. So what can you do if you're hit? In the best-case scenario, you were lucky enough to be infected with a particularly malicious piece of Ransomware called CoinVault, which just had its entire encryption scheme cracked by a partnership between the National High Tech Crime Unit (NHTCU) of the Netherlands and Kaspersky Labs. In that scenario, you would simply navigate here and obtain your decryption key.
If you were infected by another one of the many variations such as CryptoWall or CryptoLocker and aren't one of those forward-thinking types who regularly backs up to a device that is not connected to the network... well, you're out of luck. Short of access to a supercomputer, you'll have to come up with the cash (usually around $300-400) or say goodbye to your files forever.
Like the Lincoln County Police Department, many people just choose to pay up and be done with it. The typical ransom amounts aren't break-the-bank sums, and the hackers have developed a reputation for seamless transactions, which is a great way to increase the likelihood of payment. Anyone affected only has to do a quick Google search for others who have been hit with the same attacks, and they will find that paying up by the specified time always results in receiving a key that can unlock your files. There are no known cases of the hackers reneging or coming back with a different offer.
The primary issue with paying is that it incentivizes hackers to continue carrying out these sorts of attacks and to increase their sophistication. Hackers are learning to target specific file types that are more likely to be valuable, such as .dwg AutoCAD files that may contain building blueprints and other important schematics, but in the event that you face losing sensitive data, what's a girl (or a police station or a hospital) to do?
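As an added illustration, not part of the original article, of the file-encryption behaviour described under "How does it work?" and of the targeting of types such as .dwg drawings: the Python script below, written for this page, flags files whose contents look like ciphertext when their claimed type does not explain it, by checking known header bytes against byte entropy. The header table, the entropy threshold, and the sample files are all constructed for the demonstration and are assumptions, not figures from the article or from any of the malware families it names.

```python
import hashlib
import math
from collections import Counter

# Leading bytes a genuine file of each type carries (assumed subset, for illustration).
MAGIC = {".pdf": b"%PDF", ".dwg": b"AC10"}  # AutoCAD drawings start with e.g. "AC1027"
# Already-compressed formats are legitimately high-entropy and need a format-aware check.
COMPRESSED = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".mp4", ".docx", ".xlsx"}
ENTROPY_THRESHOLD = 7.5  # bits per byte; ciphertext sits close to the 8.0 maximum

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name: str, data: bytes) -> bool:
    """True when a file's content is ciphertext-like and its type does not explain that."""
    ext = name[name.rfind("."):].lower() if "." in name else ""
    if ext in COMPRESSED:
        return False
    magic = MAGIC.get(ext)
    if magic is not None and data.startswith(magic):
        return False  # header intact, so the body was not encrypted wholesale
    return shannon_entropy(data) > ENTROPY_THRESHOLD

def audit(files: dict) -> list:
    """Names of files in {name: content} that look encrypted, sorted."""
    return sorted(n for n, d in files.items() if looks_encrypted(n, d))

def _pseudo_ciphertext(seed: bytes, size: int = 4096) -> bytes:
    """Deterministic high-entropy bytes (SHA-256 chain) standing in for encrypted output."""
    out, block = b"", seed
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]

# Constructed sample files: intact originals, files encrypted in place, one renamed, one JPEG.
SAMPLES = {
    "minutes.txt": b"Council minutes, 3 March. Motion to approve the budget carried.\n" * 40,
    "station.dwg": b"AC1027" + b"\x00" * 20 + b"LWPOLYLINE " * 200,
    "evidence.dwg": _pseudo_ciphertext(b"evidence.dwg"),       # still named .dwg, header gone
    "roster.txt": _pseudo_ciphertext(b"roster.txt"),
    "minutes.txt.locked": _pseudo_ciphertext(b"minutes.txt"),  # renamed by the malware
    "photo.jpg": _pseudo_ciphertext(b"photo.jpg"),             # compressed, so not flagged
}
```

Running `audit(SAMPLES)` reports the two files encrypted in place and the renamed one, while the intact drawing, the plain-text minutes, and the JPEG pass; a real deployment would run this over a share alongside offline backups rather than rely on entropy alone.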