Grayson Barnes had just started working at his father’s law firm in Tulsa, Oklahoma, a year and a half ago when a message popped up on one of his computer screens: all files on the firm’s network had been encrypted and were being held hostage. If Barnes ever wanted to see them again, he’d have to pay $500 in the Internet currency Bitcoin within a few days. If he didn’t, everything would be destroyed. “It wasn’t just a day’s worth of work,” Barnes says. “It was the entire library of documents.”
Barnes, 20, called the police and then told the FBI, but the investigators he spoke to told him there was nothing they could do. If he paid, there was no guarantee he’d get the files back. If he didn’t, there was little chance of pressing criminal charges, since many hackers live abroad. Two days later, his firm paid up and the files were unlocked.
This, says Juan Guerrero, a senior security researcher at Kaspersky Lab, is why so-called ransomware attacks have become ubiquitous in the past two years. From a criminal’s perspective, they’re low budget and have a high success rate. Instead of going after high-value, heavily fortified systems, like those of banks or other corporations, ransomware allows even low-skill hackers to go after easy targets: small businesses, schools, hospitals and average PC users.
Cybersecurity experts estimate that there are now several million such attacks per year on American computers. The House of Representatives was targeted in May, and in recent months ransomware has shut down at least three health care centres, including a Los Angeles hospital that ultimately paid roughly $17,000 to regain access to its patients’ records. School districts and even police departments are increasingly being hit.
While law-enforcement officials have the tools to remove some ransomware, in most cases, users like Barnes find themselves stuck between two bad options. Barnes says he and his colleagues are now better prepared. “Everything is backed up now,” he adds. “It’s not happening again.”