Computer malware that seeks ransom hits businesses

CRAIG T. KOJIMA / CKOJIMA@STARADVERTISER.COM
Honolulu Police Lt. John McCarthy gave a presentation Wed- nesday on a scam that uses malicious software to encrypt files until the data on a computer is locked. Computer users are then told to pay to retrieve it.

Select an option below to continue reading this premium story.

Already a Honolulu Star-Advertiser subscriber? Log in now to continue reading.

Get unlimited access

From as low as $12.95 /mo.

Subscribe Now

Police are warning the public about a new form of malicious computer software surfacing in Honolulu that locks up files and demands a ransom payment to restore them.

Reports about the malware, called CryptoWall, started surfacing about two weeks ago, and police have since received about a dozen complaints, said Lt. John McCarthy of the Honolulu Police Department. He suspects the program’s "ransomware" attacks are underreported because people may not know where to submit a complaint.

Only businesses have complained to police so far, but personal computers are also vulnerable, McCarthy said Wednesday during a news conference at Honolulu police headquarters. The malware primarily affects PCs, but Apple computers and mobile devices could also be susceptible.

McCarthy said this malware is usually spread through emails disguised to appear legitimate. It is unknown who is behind CryptoWall, which is a newer version of CryptoLocker malware and is causing problems internationally, he said.

The malware struck at SOHO Computer Repair, near Ala Moana Center, last week when two customers came in with infected computers.

"It’s really bad," said John White, the repair shop’s owner. "It basically locks up everything."

Don't miss out on what's happening!

Stay in touch with breaking news, as it happens, conveniently in your email inbox. It's FREE!

By clicking to sign up, you agree to Star-Advertiser's and Google's Terms of Service and Privacy Policy. This form is protected by reCAPTCHA.

Once the program infects the computer, White said, it encrypts files until all the data on the device is locked. "There’s no way for us to get in — you can’t go through a back door," he said.

White said that while some computer functions are not affected, CryptoWall locks up files for everything from pictures to documents.

When a user tries to open an encrypted file, a note pops up that details how to pay a ransom with Bitcoin, a relatively untraceable virtual currency.

The CryptoWall notice has a countdown clock giving users 168 hours to pay $500 to have the data unlocked, McCarthy said. When the clock runs out, the ransom doubles.

A Honolulu company lost all its data when it didn’t pay the ransom, while another paid and its files were restored. Even so, White said he never advises clients to pay a ransom, and that in some cases, paying failed to work.

McCarthy said accounting firms, a travel agency and other small businesses in Honolulu have been affected. He added that the data appear to be encrypted on the computer or network rather than downloaded to be used in identity theft.

McCarthy and White stressed that the best way to avoid losing files is to back up data, allowing a computer to be wiped clean and restored using the backup. "Especially for businesses, they should always back up their data," White said.

McCarthy said businesses can further protect themselves by keeping anti-virus, anti-spyware and anti-malware software up to date and informing computer users that emails that appear legitimate may harbor the malware in their attachments and links.