Ransomware victims pay cybercriminals to save family photos - Action News
Home WebMail Friday, November 22, 2024, 10:49 PM | Calgary | -11.4°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Science

Ransomware victims pay cybercriminals to save family photos

A couple in Winnipeg paid $800 to cybercriminals to get precious photos of their children back after they were attacked by malicious software called ransomware. They hope others can avoid the same fate by learning from their story.

Theresa and Billy Niedermayer felt they had no choice but to cave in to the demand

A photo of the Niedermayers' three boys, Ethan, 13, Memphis, 6, and Braxton, 4, was among the precious family photos held for ransom by cybercriminals. (Theresa Niedermayer)

Theresa and BillyNiedermayer paid an$800 ransom to get precious family photos of their three young boys back from cybercriminals.

Their home computer had been seized by one of the more maliciousmalwareprograms spreading fast around the world.

Billy Niedermayer says he felt 'violated' after cybercriminals locked his computer files and demanded a ransom to get them back. (CBC)

Ransomwaretakes computer files hostage.Cybercriminalstarget photos, videos, spreadsheets, documents, slide presentations anything that someone will pay to recover. The initial infection takes seconds.

In some cases, the malicious software encrypts the files so their owners can no longer read them. The data isn't compromised or removed, just locked down and inaccessible.

Try to access them and a ransom demand appears. Typically,cybercriminalsdemand upwardof $500 US, paid in the untraceablecybercurrencybitcoins.

Billy and TheresaNiedermayer run a home business programming and selling Android TV boxes,but their techbackground didn't stop them from falling victim.

They had backed up their data on an external hard drive, but kept itplugged into the computer, allowing it to become infected along with the rest of the computer.

'I felt violated'

Faced with the potential loss of their boys' childhood photos and their wedding and honeymoon photos, along with theirbusiness records, theypaid the ransom and got the code to unlock their files.

"I felt violated,"BillyNiedermayersaid from his Winnipeg home. "It felt frustrating that theyre taking our hard-earned money and theyre pocketing it and funding who knows what."

Billy and Theresa Niedermayer snapped this photo on their honeymoon in Mexico in 2012. Faced with the thought of losing photos of their wedding, their honeymoon, and their boys' childhoods, they paid the $800 ransom to get them back. (Theresa Niedermayer)

It`s not clear how theNiedemayersgot infected, but typically that involves opening an attachment or downloading software or an app, one which may appear legitimate. One ransomware source making the rounds appears as an email from Canada Post. It directs recipients to open an attachment to see the delivery information. But open it and themalwaretakes over. Virus protection programs, if outdated, even by just a couple of days, are no match.

Once a ransom is paid, a code is provided to begin the laborious decryption process one that can take several days or weeks.

Infections with ransomware appear to be soaring. Last month, internet security firm McAfee Labs, now a subsidiary of Intel Security, announced that it had detected a 155 per cent increase in the final three months of 2014. Michelle Dennedy, chief privacy officer for Intel Security, estimates that cybercriminals are now taking in $10 million to $50 million a month using ransomware.

Just last month, the FBI issued a warning of a fairly newransomwarevariant making the rounds calledCryptoWall2.0, which encrypts files on a computers hard drive and any external or shared drives to which the computer has access. Canadian authorities have echoed the warning.

Firms are sent this encryption notice after hackers use CryptoWall ransomware to take files hostage and demand a ransom payment. (phishme.com)

Those who peddle the criminalmalwareare clearly oriented to business, skilfully using the tools of e-commerce.

"Even though we got had," BillyNiedermayer admitted, "theyre brilliant.

Targets include Android phones

In 2013, poorlyprotected personal computers were the primary victims, but criminals have expanded their targets to include business records, governments and Android phones. In the U.S. alone, Android phones are estimated to have been affected four million times. Apple computers and phones havent been hitmuch yet, but thats not to say they wont be. And when they are targeted, expect the ransoms to be even higher, several tech security experts told CBC News.

The City of Detroit got hit and refused to pay the $800,000 ransom to get its databasedecrypted.

Chester Wisniewski, senior security adviser at the internet security firm Sophos Canada, says if your files are backed up on an external hard drive, there's no need to pay the ransom. Just take your computer to a computer shop to remove the malware and restore the backup. (CBC)

In British Columbia, three unidentified law firms were hit two of them refused to pay the ransom, but one did.

"The software provided a notice with links that they need to pay a ransom within 12 hours,"explainedRyan-Sang Lee, the communications officer for the Law Society of British Columbia, "and if that wasnt paid within 12 hours, that ransom would effectively double."

The two firms that refused to pay had all their data backed up on detached, external drives. But then began a lengthyand annoyingprocess of wiping their entire system, rebuilding it and returning the data from the backup.

ChesterWisniewski, senior security adviseratthe internet security firm SophosCanada,has become an internationallyrecognized expert atcombatingransomware.

He sympathizes with those who get infected with ransomware and feel forced to pay.

"Clearly if someone's holding the photos of your toddler'sfirst steps hostage for $500, that's ajudgmentcall you need to make as to whether it's worth spending that $500 to get that content back."

Lesson learned

Wisniewskisaid if you get infected withransomwareand have backups of all your files, there's no need to pay the ransom.

"We recommend simply going to the computer shop and having themalwareremoved from your computer. And then you can just copy your files from your backup."

Theresa Niedermayer learned that lesson the hard way.

"We tell everyone you need to back up your computer on an external hard drive and unplug it disconnect it from your computer," she said.

She and her husband are quite aware that their failure to do that forced them to make a payment one that will only prompt the profitable cycle ofcybercrimeto continue.

With files from Emily Chung