Ransomware holds computer data hostage and demands its victim pay a hefty price.
It was a routine morning for Samantha Cooperrider, veterinary technician at My Pet’s Vet in Vineyard Haven — until she sat down at her computer. The screensaver was no longer a Rottweiler puppy with a backpack. It was a cheeky ransom note, informing her, “Your personal files are encrypted!”
My Pet’s Vet had just become the latest in a long line of victims of CryptoLocker, a form of malware known as “ransomware,” a relatively new and extremely effective tool that hi-tech criminals are using to extort money from panicked business owners and computer users worldwide.
“It was on my screen when I came into the office,” Ms. Cooperrider said in a recent phone call with the Times. “The computer kept getting slower and slower and then it just shut down. It was pretty scary.”
The CryptoLocker ransom note, written in stumbling English, demanded $300 or the Bitcoin equivalent to unlock the encryption. If the ransom was not paid by the date and time highlighted by a taunting ticking clock, all of the My Pet’s Vet’s data would be lost forever. As a coda, the note added that all data would be destroyed if there were any attempts to remove or disarm CryptoLocker.
“I was on vacation but my staff was here,” said Dr. Kirsten Sauter, owner of My Pet’s Vet. “I knew Cliff [computer consultant Clifford Dorr] was coming in anyway, so I didn’t pay the ransom.”
Mr. Dorr was able to protect the data. It was no easy fix.
“Cliff spent hours and hours here,” Ms. Cooperrider said. “We were pretty much shut down for four days. I don’t know what we would have done without him.”
CryptoLocker first surfaced in September 2013. It can sit in a hard drive for weeks, even months, until it unleashes its wrath. Its long list of victims even includes the Swansea police department, which was hit this past November and paid the ransom, according to a report in the Boston Globe.
Experts weigh in
“It’s pretty sinister,” Mr. Dorr said in a phone interview with the Times. “It doesn’t target the operating system; it targets the data, the irreplaceable part of your computer’s ecosystem. It usually comes as a PDF in an email that looks legitimate. UPS package delivery notice is a common one.” Mr. Dorr said there is an extensive list of CryptoLocker aliases at bleepingcomputer.com.
My Pet’s Vet is not the only CryptoLocker victim on the Vineyard.
“We thought it was just a hoax the first time we saw it,” Brian Athearn, president of MV Tech said. “We treated it like it was a little willow then we realized it was a dragon. It’s a gnarly beast.” Mr. Athearn said he was called in for digital triage by one of the Island’s biggest businesses, which he declined to identify. “They were shut down for four days,” he said.
Mr. Athearn also cautioned that paying the ransom is not necessarily the fix. “A woman on the Island paid the ransom and they still didn’t send her the key,” he said. “They don’t send the key about 80 percent of the time.”
According to the most recent McAfee Antivirus Threats Report, the volume of ransomware samples doubled from 2012 to 2013. Business technology website ZDNet estimated that CryptoLocker had earned about $28 million by the end of 2013. According to Mr. Athearn, that total is now “a drop in the bucket.”
Back up the bytes
A 2013 survey by Harris Interactive Polling determined that roughly one third of computer users have never backed up their data and roughly another third back up once a year, at most.
“People should look at this as a wakeup call,” Mr. Athearn said. “If you don’t back up, you’re on a trapeze without a net.” Mr. Athearn recommends online backup programs like Carbonite, which backs up automatically and continuously. “Backing up on a hard drive is good, but you can lose a hard drive,” he said, adding that Carbonite saved the day for the large Island company that was data-napped by CryptoLocker. “Carbonite allowed me to go back to generations before they were encrypted. Otherwise, it would have been very ugly,” he said.
Mr. Dorr advocates making a daily backup on an external drive and selective backup with USB sticks, in addition to an online backup like Carbonite. “The pros of Carbonite are that the backup is off-site, the cons are that it’s very slow to get going—sometimes days or even weeks for the first backup. Backup is complicated and there is no one-size-fits-all scenario. The worst thing you can do is not back up at all.”
Mr. Dorr recommended backupsolutions.com for an overview of backup options.
Mr. Athearn added that Mac users who think they are impervious should think again. “I haven’t seen any on a Mac yet, but it’s possible,” he said. “This is a different animal.”
And what should someone do if if they’re not backed up, and they’re greeted with the same note as Ms. Cooperrider?
“Unplug the computer right away and call your computer tech,” Mr. Athearn said. “And if you’re religious, pray.”