Ransomware cases on the rise

FBI warns of malware that holds computer hostage until payment

JACKSONVILLE, Fla. – The FBI in Jacksonville is warning people that ransomware is on the rise.

Like better-known malware, ransomware can damage computers and even cause them to lock up. It's called ransomware, however, because it forces victims to pay some sort of ransom to get their computers unlocked or to regain access to files that were attacked.

Criminals do this in various ways. The most common is to lock a computer with malware that displays an image of a government agency such as the FBI or National Security Agency.

It will give computer users a warning that the federal government is looking into their computer and they have to pay a ransom in order to unlock it. An example of a threat to a computer user could be something like, "Child pornography has been found on your computer."

News4Jax spoke with local FBI Cybersecurity Agent Lynwood Bell, who warns it is all a scam.

"That's 100 percent bogus. The FBI does not send those types of warnings to end users. As you can imagine that would be counterproductive to send messages out to everyone we're investigating," Bell said.

According to the FBI, a fairly new ransomware variant has been making the rounds. It's called CryptoWall and its newer version is CryptoWall 2.0.

This virus encrypts files on a computer's hard drive and any external or shared drives the computer accesses.

It directs the user to a personalized victim ransom page that contains the initial ransom amount, which can be anywhere from $200 to $5,000. The page also includes detailed instructions about how to purchase Bitcoins and typically displays a countdown clock to notify victims how much time they have before the ransom doubles.

Victims are infected with CryptoWall by clicking on links in malicious emails that appear to be from legitimate businesses and through compromised advertisements on popular websites. The United States Computer Emergency Readiness Team warns these infections can be devastating and recovery can be difficult.

There is another type of ransomware that targets businesses and corporations. It works by locking up specific files in a company's computer system and forces a company to pay a ransom to get the files back. Oftentimes, these are valuable and even proprietary files. 

Kevin Johnson is the founder and CEO of the Jacksonville-based company Secure Ideas. His company works to fight ransomware for its clients. He said it's very important to always have a backup of your computer.

"You need to have good backups of your system. Luckily, with a modern computer, it's built into the system. With most modern computers -- Mac, Windows and like with my system here -- I plug in an external hard drive, my system backs up regularly," Johnson said.

The FBI said it does not support paying a ransom, adding that paying does not guarantee you will regain access to your data. The bureau said, in fact, some individuals or organizations were never provided with decryption keys after having paid a ransom. Paying a ransom emboldens the adversary to target other organizations for profit, and provides for a lucrative environment for other criminals to become involved, according to the agency.

While the FBI said it does not support paying a ransom, there is an understanding that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees and customers.

In all cases, the FBI encourages organizations to contact their local FBI field office immediately to report a ransomware event and request assistance. Victims are also encouraged to report cyber incidents to the FBI's Internet Crime Complaint Center at www.ic3.gov.

According to Microsoft, among the top 10 countries with the most detections of ransomware, the United States is at the top. Research from December 2015 to May 2016 shows the U.S. had half of all detections. Italy was second with Canada close behind in third, followed by Turkey and then the United Kingdom. Of the top 10 countries, Microsoft found Australia had the fewest detections during that same time period.

However, the FBI told News4Jax, the creators of ransomware are difficult to find because many are based in foreign countries. The bureau said it has had some success with capturing suspects in countries that are friendly with the United States, but it's a lot harder to find suspects in countries with which the U.S. doesn't have a good relationship.

Ways to prevent and fight ransomware on computers:

  • Make sure anti-virus software is up-to-date.
  • Back up data regularly.
  • If you back up data on an external hard drive, do not keep it connected to the computer 24/7.
  • If you back up to a service like iCloud, set it up so it's not constantly connected to the system.
  • Companies should make sure employees are aware of ransomware and of their critical roles in protecting a company's data.
  • For office files transmitted through email, disable what are called macro-scripts.

If someone does fall victim to ransomware, experts told News4Jax that sometimes -- not all the time, but sometimes -- people can simply turn the computer off and back on. But don't revisit the suspicious website where the incident happened. Users can recover their data from the backups they made.
