Imagine everything on your computer gone in an instant. Family photos and banking information held for ransom. It’s a story CBS19 started investigating months ago, and now, ransomware is in the national spotlight.
Just last weekend, 200,000 computers in 150 countries were hit in a global cyber attack. Experts in East Texas said ransomware is already here, and it’s time to take precautions.
A mother and small business owner in Mount Pleasant said she thought it was a joke, until she lost everything.
"I had no idea what ransomware was," business owner Carla Martin said.
Martin is the owner of Sign Express in Mount Pleasant. She’s been designing artwork for more than a decade.
"I had to completely redesign, and this probably took me about an hour,” she said.
Creating logos for signs, she said a lot of hard work is lost. She showed CBS19 a sign for a golf tournament.
Her custom-made designs were saved on her computer.
"I had stuff backed up on a hard drive, and I had stuff backed up on a server,” Martin said. “The virus went through and hit every computer that was networked to our system.”
Anytime Martin tried accessing one of her designs, an error message popped up. Not knowing how to solve the problem, her first thought was that it was fixable.
She quickly found out she had lost everything to a ransomware attack.
Ten years’ worth of her designs, gone in an instant.
"Except for one year. They skipped one year,” Martin said. "Everything that I lost was just a lot of work. A lot of art. A lot of design time has been lost."
Martin pointed out all of her encrypted files end with the extension, “indyalife dot wallet,” a spelling with a cryptic message.
"You feel very angry. Every time you go to open your file, and you see that,” she said.
Ransomware directs you to click on a link, usually something enticing that may seem perfectly safe.
After you’re locked out of your files, a window pops up, giving you a number to call to remove the encryption.
But, you’ll have to pay a ransom – usually within hours.
"Didn't care that I was poor and pitiful, trying to run a mom and pop shop. They said they wanted to have four Bitcoin,” she said.
Bitcoin is an online currency that changes value daily.
At the time, Martin was asked to pay roughly $4,500. Bitcoin is completely untraceable – so you have no idea where or who you’re sending money to.
"If they probably would've asked for $400, truthfully, I probably would've paid it,” Martin said. “But I had no idea where my money was going.”
Experts in East Texas tell us there are hundreds of business owners and individuals right here – like Martin – plagued with the same problem.
"East Texas is just as vulnerable,” said ransomware expert and owner of Technovation Brian Foster.
He said the average Bitcoin payment is between $300 and $10,000, but can go as high as $1,000,000.
"They're very good at triaging who they're talking to,” Foster said. “Are they talking to an individual, an individual grandmother? Or maybe they're talking to the CEO of their general counsel, and that will sometimes drive the amount of payment they're asking for."
Looking at a real-time map of ransomware attacks around the world shows where the attack is coming from, where the target is and even the IP address. The US is the biggest target.
Foster said the US is the most targeted and does the most attacking, but he said this can be skewed. Once an IP address is detected, it disappears, making it a game of cat and mouse for law agencies.
"More than likely, they are in foreign countries,” Foster said. “The likelihood of our law agencies going to a foreign country, or requesting assistance from other foreign countries, to identify these individuals or groups is slim to none."
Despite the challenges, Foster said the US government is cracking down here.
"The regulatory bodies are now imposing significant fines on those companies that do not protect your information or my information,” he said.
Looking at the 2017 Global Threat Intelligence Report, 77 percent of all attacks around the world between October 1, 2015 and September 31, 2016 happened in four main sectors: business and professional services (28%), government (19%), healthcare (15%) and retail (15%).
"Individuals, small business and medium sized businesses are more of a target right now because the larger companies have the security and tools in place to prevent such attacks," Foster said.
Larger companies, like Microsoft, are speaking out.
Microsoft President Brad Smith wrote a blog post after the WannaCry, or WannaCrypt, hack. Hundreds of thousands of computers around the globe were locked down.
"The governments of the world should treat this attack as a wake-up call. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits…An equivalent scenario with conventional weapons would be the US Military having some of its Tomahawk missiles stolen.”
Smith said it’s time the tech sector and government work together to protect ourselves.
Back up everything to the cloud.
Since the attack, Martin purchased brand new computers for her business.
"When your computer guy tells you you're not protected, you better eat his words, because I've been told by two computer guys that I needed to upload this to the cloud base,” Martin said. “I'm busy. It was a hassle. I kept putting it off. Then life goes on, and you truck along, and then you get hit."
Once your files are encrypted, that’s pretty much game over.
Update your computer.
Foster said as cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems.
"Most all of us tend to put off updating our Microsoft operating systems, or our Apple operating systems, or our iPhones or other devices, when they should update those. A lot of times those are security updates,” Foster said.
Educate yourself and your employees.
Let’s call it basic cyber hygiene. Make sure you’re clicking with caution.
Foster said “phishing” is how people like Martin are often baited in. Ninety-five percent of the time, Foster said, he sees it come through email, where someone is awarded a lottery winning.
"If they go out there and they try to drive revenue, they'll send hundreds and hundreds of thousands of emails, hoping to get those individuals or companies to respond,” Foster said.
Never type in your banking or personal information on a site that’s not secure.
"Most companies I know of will never ask you for your personal or financial information, but again, people continue to follow that,” Foster said.
Martin told CBS19 she was hesitant to share her story at first, thinking she may lose business, but spreading the knowledge could save someone from going through what she did.
"Hindsight is 20/20 they say,” Martin said. “From now on, everything is backed up to the cloud. If you do not back your stuff up to the cloud, you are very susceptible to getting hit. The more I talk to people, the more I find out, it's not just me."
She said the urgency to get those files back is an inconvenience, but it’s not an end to her business.
"What really makes me mad is the file says 'indyalife.wallet',” Martin said. "That's not nice. They're not ending my life. I'm moving on."