Ransomware is a type of malware that some analysts predict will be the most prevalent in 2013. Hackers use it for a number of scams, including planting pornographic images on computers and "locking" them, making it impossible to use or shut down the devices without pulling the power cable.
Internet criminals then demand a ransom — what they call a "fee" — usually $200 to $300, or threaten to report the computer’s owner. In some cases the malware is purported to be from a law enforcement agency that supposedly discovered the images, and the fee is a "fine" to keep the matter out of court.
Information such as IP address or physical location may be included to further convince the victim that they’ve been violating the law. In extreme cases the malware will display a feed from the victim’s webcam (if equipped), suggesting that the bogus law enforcement agency had the victim under surveillance.
As having child pornography on your computer leads to dire consequences in most countries, it’s no wonder that users will often pay hundreds or thousands of dollars to these criminals. But this is not advised, as there’s no guarantee the criminal will unlock the computer once the fee is paid. In fact, they frequently ask for multiple payments, draining their victim’s bank account before releasing the computer or simply disappearing. Some victims tell of losing tens of thousands of dollars to these extortionists and never getting their computers unlocked.
It’s hard to put a dollar figure on the amount criminals are taking in using these tactics because victims are often reluctant to report the crimes, but it is believed that the number is well into the millions.
In another style of ransomware, criminals encrypt the contents of the victim’s hard disk, making files impossible to read, and ask for money to return them to a readable state. This is the digital equivalent of changing the combination on someone’s safe and demanding money to let them know the new code.
The good news is that ransomware is rarely as difficult to remove as the perpetrators would have you believe. In most cases you can reboot your computer into Safe Mode and restore from a recovery point. If that doesn’t work, most anti-virus companies offer downloadable recovery disks that you can boot to in order to clean out the infection.
Recovery isn’t as easy for ransomware that encrypts your data. If the disk has truly been encrypted, you are usually left restoring from a recent backup. If you aren’t regularly backing up your data, this story should prompt you to start doing so right away.
Remember to use up-to-date anti-virus protection, avoid clicking on links or attachments from untrusted sources, and back up your data regularly.
And if you do become a victim, be sure to report the incident to the FBI’s Internet Crime Complaint Center at www.ic3.gov.
———
Hawaiian Telcom Information Security Director Beau Monday is a local cybersecurity expert. Reach him at Beau.Monday@hawaiiantel.com.