Malware Attack Seizes Business Owner's Files

Imagine you go to pull your social security card or driver’s license out of your wallet, and instead find a note demanding money for its return. The digital version of that scenario played out in one business owner’s computer.

Ryan Whittington owns and operates Club K-9, a dog-boarding facility in South Charleston. He was blindsided by the Cryptolocker virus, a type of malicious software broadly known as ransomware.

“We checked that one customer in, come back five minutes later and our computer was turned off. Rebooted back up. When we rebooted it back up was when the cryptos come in. And we really had no idea what to do with it other than to call one of the computer shops. And they notified us that we need to contact the state police. They had us contact the FBI over it. Everybody took reports but (there’s) nothing anybody was going to do about it.”

Ransomware programs run on your computer without your knowledge and lock up files, encrypting them with a key that only the attackers hold. Then you get a message demanding money in return for the key that unlocks your files.

“With us, they were estimating it somewhere to be around $10,000 if we would have paid it, and a small business like us, we just couldn’t do it.”

Don’t Pay the Ransom

Whittington was advised by law enforcement not to pay the ransom.

Director of Information Security Services at West Virginia University Alex Jalso explains.

“It’s not advisable to pay the money because you’re paying the money to the bad guys and there’s no guarantee that they’re going to give you the information to unlock the files, or they might give you an invalid key to unlock it. Or they might give you a file which could cause further damage to your machine.”

That was true in Whittington’s case. He said a computer repair shop found a second ransomware program embedded deep in his files. The program likely would have been activated once the ransom had been paid.

But the time and money it took to restore the computer system and business files cost Club K-9 dearly — about $8,000 Whittington said.

“It’s a significant chunk of money for us. I mean you’re talking about a third of your business for a month. Basically half your business in a smaller business, I mean depending on what it is. But for our type of business, about a third of our monthly income, and that’s crippling on you.”

A Growing Problem

He isn’t alone in dealing with malicious software.

Attorney General Patrick Morrisey says his office has seen a rise in the number of complaints about computer scams and malware in West Virginia. He says at least a hundred cases were reported last year. Fourteen complaints were filed in January this year.

“And usually when you get a complaint, it’s reflective of a much bigger problem, so a kind of a rule of thumb: For every complaint that comes in there are going to be many other problems that occur but they just may not know to call the West Virginia Consumer Protection Office. So we think that this is a growing problem.”

Prevention

Morrisey and Jalso, the information security officer from WVU, agree that the best way to beat scammers is prevention. Use a robust anti-virus program. There are many available and some programs have anti-malware add-ons that can boost your protection. 

Whittington decided to go a step further. He now keeps his business files on a computer that isn’t connected to the Internet. He uses a separate machine for online ordering and email.

It’s also important in general to just pay close attention when using the Internet, Morrisey says.

“A lot of times when the spam email comes in and you don’t recognize it or it looks a little bit odd, resist the temptation to click on and be curious. Stop, pause and then call our office to enquire about it before you get yourself into a world of trouble.” 

Use strong passwords and change them often. Be suspicious of all email you receive and notices that pop up while you’re browsing. 

Jalso and Morrisey urge people to use common sense when dealing with unsolicited email. If it sounds too good to be true, it probably is.

Malware Tactics

Malware writers use underhanded tactics to get people to open their files, Jalso said.

“There’s a dire warning in the body of the email: If you do not provide us this information then your service will be terminated. And a provider is not going to tell you that in an email. Or the sender’s address has two letters flipped which look really close together, like WVU, they’ll go WUV. And when you’re reading it really fast, your eyes don’t always see that slight change.”
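The transposed-letter trick Jalso describes (WVU becoming WUV) can be caught mechanically: compare the sender's domain against the domains you actually deal with and flag anything that is only a swap or two away. The code below is an added example, not from the article or from WVU's IT department; the trusted-domain list and the sample sender addresses are constructed for illustration.

```python
# Added example (not from the article): flag sender domains that are a small
# edit away from a domain you trust, such as the WVU -> WUV letter swap.
from typing import List, Tuple

# Constructed sample list of domains the reader actually corresponds with.
TRUSTED_DOMAINS = ["wvu.edu"]


def damerau_levenshtein(a: str, b: str) -> int:
    """Edit distance counting insertions, deletions, substitutions and
    adjacent transpositions (optimal string alignment variant)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped letters
    return d[len(a)][len(b)]


def sender_domain(address: str) -> str:
    """Return the lowercased domain part of an e-mail address ('' if none)."""
    _, sep, domain = address.rpartition("@")
    return domain.strip().lower() if sep else ""


def classify_sender(address: str, trusted=TRUSTED_DOMAINS, max_dist: int = 2) -> str:
    """'trusted' on an exact match, 'lookalike' if within max_dist edits of a
    trusted domain (verify by phone before acting), otherwise 'unknown'."""
    domain = sender_domain(address)
    if not domain:
        return "unknown"
    if domain in trusted:
        return "trusted"
    if any(damerau_levenshtein(domain, good) <= max_dist for good in trusted):
        return "lookalike"
    return "unknown"


# Constructed sample senders, not addresses taken from the article.
SAMPLE_SENDERS = ["helpdesk@wvu.edu", "helpdesk@wuv.edu", "alerts@wv.edu", "news@example.org"]


def triage(senders: List[str]) -> List[Tuple[str, str]]:
    """Pair each sender with its verdict so the list can be reviewed at once."""
    return [(s, classify_sender(s)) for s in senders]


if __name__ == "__main__":
    for sender, verdict in triage(SAMPLE_SENDERS):
        print(f"{verdict:9s} {sender}")
```

A "lookalike" verdict is a prompt to check with the sender through a known channel, not proof of fraud; legitimate subdomains and typos in your own list will trip it too.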

He said the elderly and the young are particularly vulnerable to malicious software. 

“It preys on the elderly because they’re alone and they’re looking for someone to communicate with. And for kids, they just do things so fast that they miss some of the triggers that would alert them that it was a potentially suspicious piece of software or malicious piece of software that they’re going to be installing.”

Morrisey says scam victims should file a complaint with the Consumer Protection Office online or by phone as soon as possible. 

“And then we take that very seriously and also share it with some of our sister law enforcement agencies so we can detect patterns and problems that can lead to better results,” Morrisey said.

The bottom line, Morrisey and Jalso say, is to slow down, be suspicious and be alert when using the Internet.

Information from WVU’s IT Department

Malware (Malicious Software) gains access to a computer through two general methods.

  • The malware exploits a vulnerability to gain access to the computer. This vulnerability could be in the operating system or in a running application such as the web browser.
  • The malware relies on user interaction to gain access to the computer. Examples include, but aren’t limited to, infected USB drives, infected Office documents and malicious email attachments.

Some Categories of Malware

  • Adware – Delivers advertisements to the user. May be distributed with ‘free’ software or as part of other malware.
  • Ransomware – Holds the system, or the information on it, hostage while demanding payment. May spread through infected files or like a worm.
  • PUPs – Potentially Unwanted Programs – Software that seems innocuous but is functionally similar to other categories of malware such as adware, spyware and Trojans. An example of a PUP would be MySearchBar.
  • Rootkit – Malicious software that operates at the system level and hides its presence from the operating system and users.
  • Spyware – Monitors user activity. Distributed via ‘free’ software or as part of other malware.
  • Trojan – Disguises itself as a normal file or program. Can provide remote access, monitor activity, and/or download additional malware.
  • Virus – Replicates and spreads to other computers by attaching itself to files, documents or programs. Typically requires user interaction to spread.
  • Worm – Crawls through a network by exploiting vulnerabilities in the operating system. Doesn’t require user interaction to spread.

Malware Prevention

  • Install comprehensive security software that includes a firewall and protects against viruses and Trojans. Ensure that your security software includes real-time protection and regularly scans the system for malware.
  • Keep the operating system and all software up to date – particularly web browsers and plugins such as Flash, Java, QuickTime, etc.
  • Do not use USB drives/SD Cards from unknown sources.
  • Do not download software from unknown sources.
  • Do not open attachments from unknown sources.
  • Do not open unexpected attachments from known sources without verifying with the sender.
  • Scan any attachment with your antivirus solution before opening.
  • Beware of phone calls, email or Internet pop-ups offering to help fix your computer.  Microsoft will not call you out of the blue to inform you of a problem on your computer.

Malware Removal

  • Maintain backups on a separate device or in another location BEFORE your computer is infected, crashes or breaks. Backups, and the security thereof, are a topic for another discussion.
  • Immediately remove the infected machine from the network/Internet.
  • Perform a full system scan with your antivirus/antimalware software.
  • Do not trust USB drives, SD cards, etc. that were recently connected to the infected computer.
  • If necessary, use a ‘clean’ computer to look up malware identified by the scan and/or download removal tools from your antivirus/antimalware company.
  • Know your limitations.  If you are not comfortable attempting to remove an infection or are having difficulty removing an infection, contact a professional.
  • If necessary, restore the computer to the factory settings.
  • Once the infection is removed and your antivirus/antimalware software is fully up to date, scan all removable media.