The Tewksbury, Massachusetts police department was taken over by CryptoLocker. Their most recent back-up on an external hard drive was also corrupted, and their most recent non-corrupted back-up was 18 months old.
The Tewksbury P.D. enlisted the help of the FBI, the Department of Homeland Security, the Massachusetts State Police, and private info-security firms — all to no avail. After nearly five days of unsuccessful attempts to decrypt the locked systems, they decided to pay the attackers roughly $500 in Bitcoin.
Tewksbury Police Chief Timothy Sheehan told the Tewksbury Town Crier, “It was an eye-opening experience, I can tell you right now. It made you feel that you lost control of everything. Paying the Bitcoin ransom was the last resort.”
The demanded costs to unlock your files can vary greatly. The prices can range from $25 up to millions of dollars. It is also important to note that paying the ransom does not guarantee that you will ever get your files back.
According to the State of Ransomware 2021 global survey, the average cost of recovering from a ransomware attack is now 10 times the ransom payment on average, and the average ransom paid was $170,404. While $3.2 million was the highest payment recorded in the survey, the most common payment was approximately $10,000.
Ransomware usually infects a system in one of two ways:
1. Your system may become infected by visiting malicious or unsecured websites.
2. Ransomware infections also come through email attachments or links from untrusted emails or emails that have been hacked.
1. Have and maintain a firewall. – Your first line of defense is a strong and well maintained firewall.
2. Use Anti-virus software. – While no Anti-virus protection is good enough to catch everything….the combination of firewall and AV protection is your best combination for protection.
3. Make sure your pop-up blocker is enabled and working. – Many ransomware infections come in the form of a pop-ups that end users click on, thereby unknowingly downloading a virus.
4. Only go to trusted websites. – Make sure everyone in the office is aware of this policy and state clearly what types of websites are not to be visited under company policy.
5. Only open links and attachments from trusted senders. – If there is any question about the authenticity of the sender, call them to verify that the email is legitimate.
6. Make sure your backups have “multiple restore points.” – One of the most important tips is to make sure your backups can be restored from multiple restore points. Some of the most common backup solutions can only restore to the last known backup. For example, if you leave work today at 5:00pm and at 7:00pm your system is infected with Ransomware and your backups run at 10:00pm….you now have a backup of your data, but unfortunately the backup is of corrupted data.
1. Shut down your computer and disconnect it from the internet immediately.
2. Call the authorities.
3. Call your trusted IT professionals, Integrated Solutions.