Church hostage drama part of new cyber crime trend

The hostage drama that played out at First Presbyterian Church of Birmingham, Mich., last May ended well—no shots were fired and no one was injured. But then, this hostage drama didn’t involve people. What was taken hostage was the church’s data—the main server housing all church records and staff files. First Presbyterian Church of Birmingham had just fallen victim to the latest trend in cybercrime: ransomware attacks.

Ransomware is a term for a new type of malicious software that can infect a computer—and any drive or network to which it is attached, usually through a link or attachment in an email. Once on a computer, it automatically encrypts files so they can’t be accessed and then displays a message demanding payment—an electronic ransom note—to decrypt the files. The ransom note typically has a countdown clock giving the victim up to 72 hours to pay, often around $300 but as much as several thousand, as well as step-by-step instructions for sending the money using bitcoins (untraceable digital currency) or a prepaid debit card.

First Presbyterian’s data hostage drama could have turned out much worse. The church, a member of the Presbytery of Detroit (Presbyterian Church USA), chose not to pay the ransom because it had backed up all its data files to an offline site, not connected to its main server. But many of the millions of individuals and business hit with ransomware attacks have no choice but to pay the ransom—with no guarantee the cyber crooks will decrypt their files.

“You are likely never to get your files back,” said Kevin Haley, director of Symantec’s Security Response, who told NBC News victims should never pay computer hackers’ ransom demands. “On the positive side, if none of us paid the ransom, these guys would go out of business.”

Besides backing up your files and disconnecting external hard drives, most experts recommend not clicking on unrecognized emails or websites and ensuring your security software is up to date.

Law enforcement agencies, security companies, and academic institutions have had some recent success in taking down the criminals behind Cryptolocker, the first of a potent wave of ransomware that emerged in 2013. The MIT Technology Review reports that, at its peak around October 2013, Cryptolocker was infecting 150,000 computers a month. Over the course of nine months, it is thought to have generated about $3 million in ransom payments. Other ransomware with names like Cryptowall and CTB, now are gaining traction. Cryptowall reportedly infected more than 250,000 computers in the United States between March and August 2014.

Because it’s easier than stealing credit card or banking information, many experts believe computer criminals have seized upon ransomware as a new business model, which will only feed the growing threat.

The recent rise in ransomware attacks prompted the FBI to issue a report last month warning the crime is a threat not only to home computer users, but also to “businesses, financial institutions, government agencies, academic institutions, and other organizations.”

“We’re seeing more and more infections,” Bogdan Botezatu, senior threat analyst at security company Bitdefender, told the MIT Technology Review. He generally advises victims not to pay but admits he understands why many do. “Once you fall victim to ransomware, there is absolutely no way to get your data back without paying. But if you pay, you are only encouraging this business and funding their research and development.”