Ransomware: What to do about it, and how to protect yourself

Ransomware is happening more than you are hearing about. Hundreds of cases have been piling up around Metro Detroit.

The FBI has been tackling case after case - here is how it starts.

"Maybe you ride bicycles and so you may get an email from a local bike shop - or what you think is a local bike shop - that says there is a great sale today on your favorite brand of bike," said Agent Sean Pruitt, "You might be inclined to open that, thinking oh my favorite bike shop has a sale on my favorite bike."

So you open the email.  If you’ve been on social media looking for a set of wheels, the cyber-criminal tracks your activity and sends you an email with a fake offer. You open it and your files are compromised.  

"(Then you get this email) Your files have been encrypted by so-and-so because they love to brag, you can unencrypt them, by paying this amount, and it’s usually in bitcoin, and it’s usually some other form of cryptocurrency."

The FBI says don’t pay. It’s literally what emboldens and empowers these ransomware criminals. Cyber-risk expert David Derigiotis of Burns and Wilcox knows that may be tough.

"It’s easier said than done, that’s the ideal situation," he said. "But it’s not always real world, course of action for a business. If paying a ransom is the only thing that will keep your employees on the job, it’s going to keep you generating revenue, working with your client base, sometimes, unfortunately, that’s all you can do is pay the ransom."

FOX 2: "And does that embolden the bad guys?"

"It does, continues to propagate and continue to strengthen the organization," Derigiotis said. "From there they’re able to recruit, for the development of malware and it keeps them going again and again."

But the FBI says paying, does fuel the crime.

"Don’t pay for the ransom, paying the ransom just emboldens the criminal to do more activity and it also funds their entire operation," Pruitt said. "If you pay the ransom, it may encourage other cybercriminals to embark on the ransomware journey because it seems profitable."

Ransomware attacks are nothing new. They’ve been going on for decades. But you’ve heard about them a lot recently. 
In August of 2020x a malware called Darkside was used to attack the colonial pipeline. Darkside used double extortion and stealth tactics to make their move. 
Just one month later, another group called egregor popped up.  They hit Barnes and noble and Kmart. They were known to publicly shame its victims.  The criminals there were arrested and they have since gone dark.

FOX 2: "Where are these ransomware criminals coming from?"

"The majority of these attacks are coming from Russia and eastern European countries, but as I said earlier, anyone with a little bit of knowledge and access to the dark web can actually formulate one of these attacks," Pruitt said.

So what can you or your company do right away? Derigiotis says to train your employees.  And don’t wait a day to begin doing this.

"Train your employees, employees are the first line of defense, make sure they can identify fishing attachments," he said.

And finally, these steps are critical to stopping it for good.

The first tip from the FBI when it comes to your data.

  • Store backups offline, make sure they’re not connected to the network.
  • Have to have multi-factor authentication where it takes work to log onto the company’s site.
  • Contact the FBI. The website is Ic3.gov to report a problem.  It’s a central database. They'll not only look at your Complaint but compare it to other cases.  

Ultimately, doing those three things can combat an underground cyber mafia of sorts that are often operating on the dark web.

"You can be in your basement, not have a whole lot of cyber-savvy and find the stuff, and if you get into a network, you can interrupt, and demand a ransom," Pruitt said. "However, we do have the nation-state actors that are out there that are rewriting the custom code, and it is on another plane."

When in doubt, don't click.