What to Do When Ransomware Holds Your Data Hostage

In early February, Hollywood Presbyterian Medical Center in Los Angeles was hit by ransomware. Their data was encrypted by the malware, and their computer system was rendered useless. Hospital staff members were forced to communicate through phone and fax and keep handwritten patient records. The hospital ended up paying $17,000 in bitcoins to the hackers to obtain the decryption key necessary to regain access to their data. Ransomware attacks are not uncommon, and getting your data back can be costly. Multiple police departments have been hit with ransomware, and even the police will pay the ransom to get their data back.

Wikipedia describes ransomware as a type of malware that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction. Ransomware comes in two flavors. In the first, data is encrypted by the malware, and a victim has to pay a ransom in order to obtain the decryption key to regain access to files. This is the type that affected Hollywood Presbyterian. In the second, a computer is rendered useless, usually with a message that instructs the victim to pay a ransom in order to regain access to the computer itself. It sounds like something out of a science fiction movie, but ransomware is for real.

Ransomware spreads when a user clicks an infected file, usually delivered through email, or accesses an infected website. Cryptolocker is a popular ransomware that extorted roughly $3,000,000 from its victims before the control server was shut down. Cryptowall appeared in 2014; it is estimated that $18,000,000 has been paid by its victims. A new concept called crowdsourcing has led to ransomware products that are available to anyone for download and free to distribute as they see fit. Once a victim pays, the payment is split between the developer and the distributor. This is a serious business with serious money going to criminals.

The big question is, if you are infected by ransomware, should you pay or not? Security experts recommend not paying, but this is easier said than done. Some victims may not have a choice, because they need access restored to their data. Keep in mind, if you pay, it does not guarantee that the criminals will follow through with their promise (they are criminals, after all). These criminals like to target businesses rather than individuals, because businesses are more likely to pay and usually will pay a higher rate.

The better approach is to avoid an attack in the first place. So what are the ways to protect yourself?

  • Use antivirus, and ensure the signatures are up to date.
  • Keep up to date with the latest security patches for your operating system and third-party software, including web browsers. Ransomware that makes the computer unusable without encrypting files can be overcome by those with sufficient expertise or by some software for non-experts.
  • Watch what you click, and make sure you are backing up your data. These are basic security measures, but they are incredibly important because antivirus software may not recognize ransomware.
  • Make sure that employees are trained in good cybersecurity practices and know how and where to report suspicious activity.