Hackers are smart. They are adaptable, they are precise, and they are strategic. These traits, as with any other businessman, make them successful at what they do. Unfortunately, what they do is take your money. Ransomware is quickly becoming both the worst and the most common kind of malware. Instead of simply ruining computers to the point of no return, hackers are starting to infect computers with an encryption virus that is completely reversible, for a price. The goal is no longer to cause chaos, but to make money.
When you receive a virus like CryptoLocker on your computer, hackers have essentially taken your files hostage by locking them up. The hacker has encrypted your files, but all is not lost—the hacker has the encryption key. In most cases, they will hand over the key once they receive their payment (though it doesn’t always work this way, and you can never know for sure what the outcome will be until it happens). Payments vary. This year, most cases of CryptoLocker have had the ransom set at around 1 bitcoin (that’s currently $450). If you own a large corporation, you may be targeted for 40 bitcoins or more. Hospitals in particular are paying upwards of $20,000 (~44 bitcoins) to get their files unencrypted. US Dollar to bitcoin conversions fluctuate wildly. Just last month, the price of one bitcoin was barely over $400 and at the beginning of February 2016, it was $375. In 2014, 1 bitcoin was worth more than $1000.
After your files are encrypted and a ransom note is displayed on your computer, you have three choices. The first (and safest) option is to restore your files from their most recent backup. This is the only way to get your files back without paying for them. If you don’t have a recent backup (or have no backup at all), your second option is to pay the hacker and hope you get your files back. The third option is to factory reset your computer, but you will lose all of your files.
If you choose the second option, you will have to create an account on one of the many bitcoin purchasing sites. Coinbase is the most popular. Once your account is created, you connect your bank account and purchase as many bitcoins as you need. Coinbase itself is a secure website, similar to PayPal, so connecting your bank information to it shouldn’t cause any issues. There are other methods of payment (including PayPal, credit card, and even money order), but it is important to remember that almost all of these methods will still require you to create an online account with a website geared towards the buying and selling of bitcoins. Bitcoin is an online currency, and its exchange takes place online.
The hacker will have given you a transaction ID that you must enter to exchange the bitcoins you purchased. Then, it’s just a waiting game to see if the hacker will unencrypt your files. Occasionally, a hacker will tell you that they never received your payment, and ask you to send it again. What else can you do? Since this entire process is anonymous, it is impossible to prove whether they received your payment or not. Sometimes, you will send the bitcoin and the hacker still won’t unencrypt your files. The best-case scenario is that you receive the encryption key as soon as the hacker collects your bitcoins. It’s a risky situation, but hackers know that your files and data are important to you, and that you will do anything you can to get them back (especially if they include private client or patient information).
Be smarter than the hacker, and make sure that your files are regularly backed up. If you have a managed service provider, call them up and verify how often your files are backed up. If it’s not daily (or more often), find out what you can do to make the backups more frequent.
You’ll do whatever it takes to protect your clients’ information and your business’s data. Invest in quality backup services. Don’t let your hard-earned money end up in a hacker’s pocket.