Community Care of St. Catharines and Thorold is still reeling from a cyberattack that shut its computers down for more than a week.
The local food bank’s CEO, Betty-Lou Souter, said Community Care’s systems are back up and running, but the ransomware attack has reinforced the need for cyber-vigilance.
“It is easy to open the door, but once it’s open it can be very hard to close,” Souter said.
She said Community Care’s servers were attacked by the NW4 ransomware virus at 11:26 p.m. on June 28.
No one is sure how the virus got into the server, but when Community Care’s staff arrived for work on June 29, they couldn’t use their computers.
Souter said every computer screen displayed a message that said all the computer’s files were encrypted. To get access to them, Community Care would have to buy an encryption key for the price of $3,000 in Bitcoin, a unit of currency frequently used by cybercriminals.
“We didn’t pay that, obviously,” Souter said. “I immediately called our technical support guy, and he told us not to touch anything.”
She said Community Care backs up its computer files on a regular basis. The technician wiped the computers and restored them using those backed-up files.
Souter said Community Care’s client information files were unaffected because they are not stored on the physical server, but on a cloud.
Nevertheless, it took nearly a week for Community Care to have full access to its computers. The only data lost was information that hadn’t been captured in the most recent backup.
Cybersecurity expert Ken Owen from Astutus Analytics said ransomware attacks are common and are a means of digital extortion.
“It is right in the name when it comes down to it,” Owen said. “When we think of ransoms we think of crimes like kidnapping. This is essentially the same thing. Your files are being held for ransom by bad guys who want you to pay to get them back.”
Ransomware viruses are being produced by cybercriminals all the time. Owen said the criminals use emails that appear to be legitimate messages from banks or other trusted institutions to trick a user into clicking on a link that will install the virus.
“Other times someone might be on a website they shouldn’t be on and have clicked something they shouldn’t have clicked,” he said.
Once in a computer, the virus encrypts all the files, and the program sends the user a message demanding money in exchange for the decryption key.
“Will you get that decryption key and get your files back if you pay? Well, maybe. Sometimes they won’t decrypt your files. They don’t care because they have your money,” Owen said.
While the designers behind ransomware will sometimes target specific organizations, most are playing a numbers game, Owen said, by setting their virus loose in the digital wilds. Most users will not click on a fraudulent email or suspicious link, but enough people will and enough of those people will pay the ransom.
In most cases, Owen said, the criminals are after money, not data. Although a criminal will have the means to encrypt the data on a victim’s computer, it is still time-consuming and difficult to steal all that data and then sift through it to find something useful such as banking information.
It is easier and usually more profitable to play the numbers game and count on some victims paying up.
Owen said organizations need to invest in good anti-virus and anti-malware programs to inoculate themselves against ransomware.
However, he cautions that there is a predator-versus-prey evolutionary war going on between designers of ransomware and those who build anti-malware software. Every time a defence is designed, the criminals look for ways to get around it and release a new version of a virus.
Owen recommends organizations back up their data frequently and enact policies that prohibit certain kinds of activity, including conducting personal business on corporate computers, as a means of reducing vulnerability to ransomware.