Held ransom: Ill-advised email click separates Calgarian from family photos
Published Wednesday, December 21, 2016 6:13PM MST
Last Updated Wednesday, December 21, 2016 6:56PM MST
A Calgary woman says she has lost all copies of family photos and sentimental videos to cyber predators, but the offenders are willing to allow her access to the files for a price.
Earlier this month, Laura McIntosh received an email from an account bearing the name of a friend. McIntosh clicked the accompanying attachment and expected to receive an animated holiday greeting.
“Everything was fine until I opened the attachment,” said McIntosh. “I’m really, really cautious about opening anything just for the very reason of this kind of thing.”
After opening the attachment, McIntosh noticed the email was sent from an account with the same uncommon name as her friend but from an email domain she did not recognize. “I should have known just by looking at that.”
A message on her screen alerted McIntosh that all of her files had been encrypted but could be decrypted with a key, for a fee. The cost of the private key and decrypt program was three bitcoins, approximately $3,000 Canadian.
“Everything’s frozen,” said McIntosh of her laptop. “It’s like someone puts a giant padlock on your computer.”
McIntosh, a mother to two teenagers, lost access to family photos, videos, documents and spreadsheets in the ransomware attack.
“The work stuff, it’s going to take a while to get it all redone but I can redo that. That’s just time consuming,” said McIntosh. “The pictures are the big thing. There’s a lot of first things like the first time my son had a live performance with his band, the video was on there.”
The ransomware victim says she considered complying with the attackers' demands but did not have $3,000 readily available and was concerned the attackers would take her money without restoring her files.
Ransomware attacks are becoming increasingly prevalent and, according to a recent Microsoft report, Canada had the third most ransomware detections in the world between December 2015 and May 2016. In that timeframe, 50 per cent of all detections occurred in the United States while 13 per cent were found in Italy and 6 per cent in Canada.
Dan Hampton of Tech Squad says ransomware targets are selected at random but are primarily home users or small businesses, and that anti-virus software does not prevent attacks.
“The email is not a live virus so there’s nothing for the anti-virus (program) to do because it doesn’t understand that there’s something malicious on your computer,” explained Hampton. “It’s when you click that link in the email or you open that attachment in the email that your anti-virus doesn’t see.”
Hampton says email providers are unable to prevent the circulation of ransomware.
“Unfortunately, right now, email security is not at a point where we can detect malicious links until they’re clicked,” said Hampton. “Especially with cryptlockers and ransomware, you are very much responsible.”
In order to avoid becoming a victim of a ransomware attack, Hampton recommends:
- Being aware of who sent the email
- Avoiding clicking links if an email does not resemble a typical message from the sender
- Contacting the sender via other avenues to confirm they sent the message
- Flagging and deleting emails from senders that cannot be verified
“You have to be diligent. You have to be sure that you’re not clicking things that you’re not sure of.”
Hampton says it's unfortunate but ransomware has proven to be an effective crime that preys on unsuspecting victims.
“People don’t pay attention. They just see a link and they go ‘Oh, this is from my friend. It’s got to be safe’ and they click it and, the next thing you know, they’re infected,” said Hampton. “The attackers, they count on that level of ignorance, that level of complacency.”
Victims of ransomware attacks are unlikely to retrieve their data unless they have backed up their files or they pay the ransom.
“The level of encryption on these is so vast that we couldn’t decrypt it if we wanted to, which we do want to do, but there’s nothing more we can do except educate.”
Hampton adds ransomware attackers have a reputation to maintain and victims who pay do receive their data back. “The only way to keep the scam going is to make good on it.”
McIntosh says she’ll canvass her friends in the hope they can provide photographs similar to the ones she has lost. All future emails in her inbox will face additional scrutiny. “I’m not going to get sucked in again.”
With files from CTV's Lea Williams-Doherty