Live On The Levee Lineup Announced
Charleston’s annual free concert series, Live on the Levee, will begin on May 24 and run through August 10.
Continue Reading Take Me to More NewsImagine you go to pull your social security card or driver’s license out of your wallet, and instead find a note demanding money for its return. The digital version of that scenario played out in one business owner’s computer.
Ryan Whittington owns and operates Club K-9, a dog-boarding facility in South Charleston. He was blind-sided by the Cryptolocker virus, which is a type of malicious software broadly known as ransomware.
“We checked that one customer in, come back five minutes later and our computer was turned off. Rebooted back up. When we rebooted it back up was when the cryptos come in. And we really had no idea what to do with it other than to call one of the computer shops. And they notified us that we need to contact the state police. They had us contact the FBI over it. Everybody took reports but (there’s) nothing anybody was going to do about it.”
Ransomware programs go through your computer without your knowledge and lock up files, encrypting them with an unbreakable code. Then you get a message demanding money in return for a key to access your files.
“With us, they were estimating it somewhere to be around $10,000 if we would have paid it, and a small business like us, we just couldn’t do it.”
Don’t Pay the Ransom
Whittington was advised by law enforcement not to pay the ransom.
Director of Information Security Services at West Virginia University Alex Jalso explains.
“It’s not advisable to pay the money because you’re paying the money to the bad guys and there’s no guarantee that they’re going to give you the information to unlock the files, or they might give you an invalid key to unlock it. Or they might give you a file which could cause further damage to your machine.”
That was true in Whittington’s case. He said a computer repair shop found a second ransomware program embedded deep in his files. The program likely would have been activated once the ransom had been paid.
But the time and money it took to restore the computer system and business files cost Club K-9 dearly — about $8,000 Whittington said.
“It’s a significant chunk of money for us. I mean you’re talking about a third of your business for a month. Basically half your business in a smaller business, I mean depending on what it is. But for our type of business, about a third of out monthly income, and that’s crippling on you.”
A Growing Problem
He isn’t alone in dealing with malicious software.
Attorney General Patrick Morrisey says his office has seen a rise in the number of complaints about computer scams and malware in West Virginia. He says at least a hundred cases were reported last year. Fourteen complaints were filed in January this year.
“And usually when you get a complaint, it’s reflective of a much bigger problem, so a kind of a rule of thumb: For every complaint that comes in there are going to be many other problems that occur but they just may not know to call the West Virginia Consumer Protection Office. So we think that this is a growing problem.”
Prevention
Morrisey and Jalso, the information security officer from WVU, agree that the best way to beat scammers is prevention. Use a robust anti-virus program. There are many available and some programs have anti-malware add-ons that can boost your protection.
Whittington decided to go a step further. He now keeps his business files on a computer that isn’t connected to the Internet. He uses a separate machine for online ordering and email.
It’s also important in general to just pay close attention when using the Internet, Morrisey says.
“A lot of times when the spam email comes in and you don’t recognize it or it looks a little bit odd, resist the temptation to click on and be curious. Stop, pause and then call our office to enquire about it before you get yourself into a world of trouble.”
Use strong passwords and change them often. Be suspicious of all email you receive and notices that pop up while you’re browsing.
Jalso and Morrisey urge people to use common sense when dealing with unsolicited email. If it sounds too good to be true, it probably isn’t.
Malware Tactics
Malware writers use underhanded tactics to get people to open their files, Jalso said.
“There’s a dire warning in the body of the email: If you do not provide us this information then your service will be terminated. And a provider is not going to tell you that in an email. Or the sender’s address has two letters flipped which look really close together, like WVU, they’ll go WUV. And when you’re reading it really fast, your eyes don’t always see that slight change.”
He said the elderly and the young are particularly vulnerable to malicious software.
“It preys on the elderly because they’re alone and they’re looking for someone to communicate with. And for kids, they just do things so fast that they miss some of the triggers that would alert them that it was a potentially suspicious piece of software or malicious piece of software that they’re going to be installing.”
Morrisey says scam victims should file a complaint with the Consumer Protection Office online or by phone as soon as possible.
“And then we take that very seriously and also share it with some of our sister law enforcement agencies so we can detect patterns and problems that can lead to better results,” Morrisey said.
The bottom line, Morrisey and Jalso say, is to slow down, be suspicious and be alert when using the Internet.
Information from WVU’s IT Department
Malware (Malicious Software) gains access to a computer through two general methods.
Some Categories of Malware
Malware Prevention
Malware Removal