Kidnapped! What to do when your computer is seized

Rob Calarco explaining what Ransomware is at Ardmore Computer on Monday, June 6th, 2016.

The crime is so new the FBI doesn't really know how bad it is, but knows ransomware extortion is a bad and growing threat.

Ransomware is the umbrella name for different cybercrime viruses that kidnap your computer and hold it for ransom.

The computer never leaves your home or business, but one type of virus freezes it, while another encrypts your files so you can't access them. Attacks are often accompanied by official-looking "notifications" on the computer screen.

In each case, the criminal hackers promise to release your computer in exchange for payment, which is ransom.

It's amazing a criminal 5,000 miles away can put his fingers on a keyboard and rob you, usually with impunity.

"Five or six times in the past couple of weeks," Ardmore Computer got calls from people victimized by the attack virus known as Syskey, says Rob Calarco, co-owner of the computer shop at 29 Rittenhouse Place in Ardmore. Syskey targets the Windows login.

"Syskey is generated by a bogus phone call, they pose as Microsoft and get you to turn on your computer," then tell you to make a few keystrokes and take over your computer, says Calarco. "Microsoft doesn't make outbound calls," he says.

One of Calarco's customers recently agreed to pay $600 to have his computer released and needed Calarco's help buying the Bitcoins demanded for ransom. Bitcoins are digital credits that are used as currency and are nearly untraceable.

None of Calarco's victimized customers were willing to speak to me. "Too embarrassed," he says.

In 80-90 percent of the Syskey attacks, Calarco says he can "rebuild their systems from registry backups."

Of more recent ransomware, Crypto viruses are the "nastiest," says Calarco. There are several variants - CryptoWall, CryptoVault and CryptoLocker.

The virus typically gets into your computer when you open an email attachment carrying the virus or you visit an infected website.

Once in, it encrypts your files, denying you access without a key the criminals provide for Bitcoins. A demand is made for money, usually with a deadline of a few days. Sometimes the ransom will double if the deadline isn't met; sometimes the criminals threaten to delete the files if you don't pay.

If people get stampeded by fear of losing their files, it's understandable. In addition to financial records, tax returns and home data, many people have uploaded irreplaceable family documents, music and photos into their computers.

Individuals, municipalities, even police departments have paid ransom. The largest ransom payment I found online was the $17,000 paid by Hollywood Presbyterian Medical Center in California to a hacker who seized control of the hospital's computer systems.

FBI Supervisory Special Agent Benjamin Stone tells me he knows of $24 million total that has been paid in ransom. Some sources surmise up to 1 million victims globally and hundreds of millions paid in ransom.

There were 2,453 complaints of scams and criminal activity reported to the government's www.ic3.gov website in 2014 and 2015, but Stone believes there are many more victims who don't know how to report or are too embarrassed to come forward. He's seen "a lot more reports coming across my desk" in recent weeks.

The villains "are pretty much overseas," Stone says, without specifics. Other sources point to Eastern Europe and Russia. They operate on what's called the "dark web" or the "hidden internet," Stone says.

Many pay the ransom because it's almost impossible to break the stranglehold the criminals have on the computer.

Speaking for the FBI, Stone says, "We're not going to advocate paying a ransom. You're paying a criminal for kidnapping," but he acknowledges "people are faced with reality and have to make a decision."

Can you trust the criminals to release your files after you've paid the ransom?

"Crooks provide you with very good customer service," Stone says with a grim smile. "If word got out that you pay the ransom and you don't get your stuff back, they'd go out of business."

Realtor Keith Elsen of Space & Company in Center City did business with an "honest" crook just last week.

Wednesday afternoon he was notified his laptop, which he uses for both home and work, had been kidnapped. He believes that he contracted the virus while placing an ad on a website.

The hacker provided helpful instructions about how to pay so Elsen could get his stuff back.

"At first I thought it was a joke, especially when he said I had five days to pay or the amount would double," says Elsen.

Because they were his business files, and were not being backed up as he believed they were - "long story," he sighs - he felt he had no choice but to pay. The hacker kept his word and released the files.

Now that you know about the threat, how can you protect yourself?

"The solution is to have effective backups," says the FBI's Stone. It's a good idea to have an external drive that captures everything you do, but don't leave it plugged in all the time because it can become infected and encrypted. He suggests attaching and downloading about once a week.

He also suggests buying cloud protection.

Ardmore Computer's Calarco agrees "cloud backups are great" and recommends paying for online storage with Carbonite or MozyPro. Each backs up data frequently, keeping a clean copy of your work. Carbonite prices start at about $60, MozyPro at $109, for a year's service.

You can buy an external drive and back up your files yourself, or pay for cloud services, or keep your fingers crossed your computer won't be kidnapped by a thief you will never see.

The choice is yours.


stubyko@phillynews.com

215-854-5977 @StuBykofsky

Blog: ph.ly/Byko

Columns: ph.ly/StuBykofsky