Ransomware: $18 Million and Counting … in Only 15 Months

What is the cost of Internet security?

Catherine Heslep was logging off Gmail when her computer was hijacked, another victim of ransomware. “Your files have been encrypted,” the message on the screen proclaimed. “You will not be able to access them without an encryption code.”

“The cost for the code was 60 bitcoin, which translates to $700,” she says.

Getting no response, the cybercriminals issued another ominous warning the next day: “If you don’t believe us, pick five files and we’ll decrypt them to prove it. You have 72 hours.”

No matter that Heslep had top-rated protection software that’s updated regularly or that she can’t recall clicking on any suspicious link. “I have no idea how this happened,” she says. “My kids sometimes use my computer to play video games or watch YouTube. Maybe that?”

Having wisely backed up the contents of her computer, Heslep didn’t pay (other than with her time, spent changing 40 account passwords). But others do; victims shelled out at least $18 million from April 2014 through last month – and that’s only among the 992 consumers and businesses that filed complaints with the FBI’s Internet Crime Complaint Center (IC3) about top ransomware CryptoWall.

The name says it all: Ransomware attacks both personal computers and Macs, encrypting user files to make them unreadable until a ransom is paid. In most cases, the IC3 says, the ransom is paid, and users regain access to their files. But beyond the ransom fee itself (typically between $200 and $10,000), some victims pay thousands more in loss of productivity, computer services, legal fees, and credit-monitoring services that businesses buy for employees or customers. Payment is usually demanded in the digital currency bitcoin because it's fast, easy to use and hard to trace.

Since hitting the cyber scene three years ago, ransomware has been a growing threat; indeed, security software manufacturer McAfee reports that attacks jumped 165 percent this year over 2014. It premiered with bogus warnings, allegedly from the FBI or others, accusing computer users of watching kiddie porn (the excuse for freezing their access) and demanding a “fine” for thawing. Now these attacks largely come with messages like the one Heslep received, with ever-increasing “pay or else” extortion amounts.

Although not guaranteed to work, these actions may reduce your ransomware risk:

* Regularly back up the contents of your computer. With an external hard drive or CD-ROM, “if you back up, verify, and maintain offline copies of your personal and application data,” the FBI says, “ransomware scams will have limited impact on you. Instead of worrying about paying a ransom to get your data back, you can simply have your system wiped clean and then reload your files.”

* Use reputable antivirus software and a firewall. These aren’t foolproof, but keep software updated and run scans at least twice a week.

* Enable pop-up blockers. Criminals regularly use pop-ups to spread malicious software. To avoid accidental clicks on or within pop-ups, the best prevention is avoidance.

* Click carefully. Don’t click on any emails or attachments you don't recognize. Be careful when surfing music or celebrity news sites; they are hotbeds for secretly installing malware on your computer.

* Avoid “free” online offers for screen savers, games and the like unless you download them from trusted websites.

For information about other scams, sign up for the Fraud Watch Network. You’ll receive free email alerts with tips and resources to help you spot and avoid identity theft and fraud, and gain access to a network of experts, law enforcement and people in your community who will keep you up to date on the latest scams in your area.

Photo: Mario13/iStock
