Brian Kirkpatrick featured on-air with Gary Pozik discussing ransomware on August 22, 2016

Aug 15, 2016

It turns out that the host of the Health, Wealth, and Happiness show on WGCV AM 620 has been a victim of ransomware himself. In Gary’s case, the criminals encrypted nearly 1000 music files and demanded several hundred dollars for a key that would release the files.

Brian Kirkpatrick explained on Gary's show that anyone can be a victim of ransomware. Recently, large hospital systems have been targets of ransomware, with successful attempts at locking up entire patient databases. In these cases, ransom demands have ranged from the tens of thousands to the millions of dollars.

Current versions of ransomware are malware that infects a computer system when a user clicks on a link, article, picture, or file embedded with the malware. The malware then seeks out computer files and encrypts them. The malware doesn’t just stop there. The ransomware is programmed to wait for other devices, such as back-up drives, to be connected to the computer so that it can encrypt those as well. Once the damage is complete, the ransomware will delete itself from the computer, lock the system, and display a message that the files are being held hostage, with a link to make a payment using bitcoin.

Because the software will mutate with nearly every attempt, conventional virus detection software is useless for stopping ransomware. The best option for defending against ransomware is to purchase software that specifically states that it has the capability to detect ransomware. 

However, if you become a victim, there are a few options. First, if you have been backing up regularly and to multiple back-up types, such as a USB and a CD back-up, you may be one of the lucky few who can restore the files. However, you will need to make sure that the restore media does not contain the ransomware. This method is impractical for large organizations with multiple complex databases. Even if it is possible, the company can bet on many wasted man-hours of IT technicians as well as a loss of productivity that could last for days.

Another option is to do as the FBI recommends, and pay the ransom. In the past, paying the ransom would almost ensure that the data would be released. If the criminals did not regularly release the files, then no one would ever pay. Nevertheless, more recently, there have been versions of “Ranscam,” which is made to look like ransomware but actually deletes the files first, locks the system, and then demands the ransom while stating that the files are encrypted. Unfortunately, a victim of ranscam will never see his files again whether he pays or not. One should know that paying a ransom will also likely put him on a list of “suckers” who will pay. So paying now may retrieve your files, but it will also most likely increase one's chances of a future attack.

The last option is to save the encrypted files and wait until the particular version of ransomware has been decrypted and the decryption program posted publicly. Some older versions of ransomware have been decrypted, and the programs are posted on the public internet. However, even if this option is available, it will still take considerable time and resources, which may be unnerving for the average computer user. As ransomware advances, it is less likely that this will be a practical option.