Give us the money…or else

Published May 12, 2016

A Michigan utility shut down its corporate IT systems.

A Utah clinic lost its online documents, files, and spreadsheets. And a hospital in California found itself unable to log into its computers.

All three entities were the victims of ransomware, a form of cybercrime in which malware encrypts hard drives or locks users out of their own files, personal computers or systems.

Ransomware spreads when victims unknowingly download the malware by opening infected email attachments or visiting compromised websites.

The victims usually don’t know anything’s amiss until their systems go down or their monitors go dark. The problem becomes painfully clear only when a message starts blinking on the screen: If you want back into your files or system, you’ll have to pay a ransom (usually in pre-paid cards or Bitcoins).

Between April 2014 and June 2015, the Federal Bureau of Investigation received 992 complaints related to CryptoWall, the most common form of ransomware, with losses totaling $18 million. The FBI predicts that the number of ransomware incidents will continue to grow this year if individuals and organizations don’t brace themselves for the attacks.

The FBI, Microsoft, and the IT security firm Sophos offer these tips to help protect yourself from ransomware:

  • Don’t enable macros
  • Back up data regularly
  • Store backups separately from what they back up
  • Be wary of attachments
  • Update applications, operating systems, and device firmware
  • Update antivirus and anti-malware solutions
  • Use a pop-up blocker
  • Turn on your firewall
  • Don’t give administrative access to anyone who doesn’t need it
  • Pay attention to the sites you visit

Keep your eyes peeled when you check your email. If you get an attachment you weren’t expecting, or one from someone you don’t recognize, delete it. And if any attachment or email looks suspicious, pick up the phone and call the company or individual to find out if it’s legitimate.