Are ransomware attacks happening more frequently, or are more victims stepping forward and filing reports with the police? Actually, these days the police are just as likely to be the victims themselves.
Just last week, police in Tewksbury, Massachusetts, admitted that they'd had to pay an untraceable $500 Bitcoin ransom to the hackers who'd encrypted the Tewksbury PD's computer files. The chief of police admitted that the attack “basically rendered us in-operational, with respect to the software we use to run the Police Department.” Tewksbury PD did not keep backup copies of its crucial files.
Over the weekend came news of more law-enforcement organizations that had made a similar mistake: four small towns and a county in Maine all used a single computer network to share files and records, with no backup.
WCSH-TV reported that Sheriff Todd Brackett of Lincoln County admitted somebody on the network had accidentally downloaded a “Megacode” virus (which a questioner on a BleepingComputer discussion forum described as being “Like Cryptolocker, but not as well done”).
The virus encrypted the computer files of four town police departments and a county sheriff, until the department paid a $300 ransom for the decryption key. Brackett said that the FBI could trace the money as far as a bank account in Switzerland, but could not trace it beyond that.
Megacode, Cryptolocker and other forms of ransomware work by literally holding files for ransom, specifically by encrypting them and demanding payment in exchange for the decryption key. Some of the less sophisticated forms of ransomware can be removed or decrypted with the right tools, but more often, the ransomware can't be removed or broken without the decryption key from the ransomer.
Ransomware is simply another form of malware and thus is spread just like any other kind. In Durham, New Hampshire, last June, the police department's computer network fell victim to ransomware after an employee clicked on what they described as a legitimate-looking email. Fortunately, the Durham PD did have backup copies of its computer files, so instead of paying the ransom, they wiped their computers clean and then restored everything with their backup files.
Anyone with any type of network connection is vulnerable to ransomware if they're not careful. Just last month, security researchers discovered a then-new version called TeslaCrypt, which targeted players of multiplayer games such as Minecraft, Call of Duty, World of Warcraft and other popular titles.
TeslaCrypt not only encrypted the victims' game files, but could also spread to Word documents, Excel files, PowerPoint presentations and similar files. The hackers behind the malware demanded $1,000 from their victims.
If you don't already have backup copies of all your important files – not just on your home computer, but also your tablet, smartphone and anything else holding files you don't want to lose – you should make copies right away, and keep them on a dedicated thumb drive or flash drive, or burn copies onto a disc.
In addition to these physical media storage options, you also have the option of hiring a backup service, though that brings the usual risks that come with entrusting your data to someone other than yourself.