Aug 14, 2014
03:59 PMConnecticut Today
Ransomware Hackers Will Kidnap Your Computer Files, Hold for Ransom, Connecticut AG Warns
It begins innocently enough. Maybe it’s a link in an official looking email, or you just wandered down the wrong corridor of cyberspace. Or maybe you saw an add promising a free vacation or some prize, and even though you knew you should know better, you clicked anyhow.
No matter how you got there, once you open that link you’ve unleashed the contamination floodgates and your computer is in the grips of a simple yet devastatingly effective virus. Unlike other viruses, in order to rob you, this one doesn’t need to steal your credit card number or other personal information. It doesn’t need to break down the security safeguards of your bank or learn your social security number. All it needs is access to your computer, access you unknowingly gave it when you clicked on that link.
With that access it’s simple and a relatively low-tech procedure for the virus to delete or destroy your computer’s files. But the virus doesn’t do that immediately. Instead the criminal that sent it “guesses what your threshold of pain is,” says Connecticut’s Attorney General George Jepsen—or in other words, what you are willing to pay. Following the hack, you get an email with the list of files that will be destroyed unless money is sent. Usually the email also stipulates that payment be made with some hard-to-track type of currency like Bitcoins, MoneyPak or untraceable credit cards.
“The amount that is being requested and the amount of time that is given varies,” Jepsen (right) says. However, the message is essentially the same: A criminal has your computer files hostage and they’ll only let them go if you pay the ransom.
It sounds like a plotline of a made-for-TV movie staring Steven Seagal, but it’s a real and increasingly prevalent type of virus known as ransomware. The FBI estimates that more than $100 million dollars has been lost as a result of ransomware attacks. Reports of attacks in Connecticut prompted Jepsen’s office to issue a press release this week warning consumers and customers of the potential dangers of the virus.
“[Ransomware attacks] seem to be working pretty effectively around the country so we expect them to increase,” Jepsen tells Connecticut Magazine. “We’ve only had a limited number of complaints in Connecticut; however, we suspect that people are under reporting its frequency because—and this has come through in the complaints that we have had—they're a little embarrassed.”
Assistant Attorney General Matthew Fitzsimmons is head of the Attorney General's Privacy Task Force and works closely with the Attorney General on these issues. He says that ransomware viruses are not very complex from a hacking standpoint.
“At its core the functionality of the virus itself is pretty simple,” he says. “Once you click on a link, whether in an email or whether you open an attachment, you're allowing a program to run on your computer and included in the script that's running can be some malicious code.”
Fitzsimmons likens that malicious code gaining access to your computer to “giving somebody the keys” to your house. “Once you have access to a computer’s hard drive you can either search out specific files or just encrypt a whole hard drive in a fairly easy and quick way,” he says.
Fitzsimmons and Jensen say the key to avoiding this type of virus is proper preventative measures.
“Never click on a link or open an email (or its attachment) from someone you do not know or trust, and always keep virus protection software up to date,” Jensen says. He adds you should also always backup any important files on your computer.
If preventative measures fail and you are infected, the attorney general’s office recommends that you immediately disconnect from any network you’re connected to, which will prevent the criminal from being able to communicate with the virus. They also advise reporting a ransomware infection or any virus infection to the Internet Crime Complaint Center (IC3), which is a partnership between the FBI and the National White Collar Crime Center (both federal and state law enforcement agencies have cyber crime units dedicated to investigating crimes of this nature).
So how concerned should Connecticut residents be about ransomware attacks potentially taking their computers hostage?
“People should always be on their guard,” Jensen says. “This scam is unique and different in its approach but at its core its not dissembler from other scams. We stress prevention any time there’s a new scam. Last week it was people impersonating IRS officers saying ‘you owe back taxes and if you didn’t come up with the money soon you will face criminal liability.’ The common denominator in this instance is a threat and a request for money. So we just use every opportunity we can to get people to think before they do something they’re going to regret.”