Mac users beware: Ransomware could be on your computer

It was a brazen cyberattack on what would seem an unlikely target for a criminal: a law enforcement agency.

Ransomware infected two Mount Pleasant Police Department computers Dec. 12, forcing them to be taken off the network. 

With these kinds of attacks on the rise, experts say everyone from government agencies to everyday consumers should take precautions. The culprits may not even care about who they target.

Ransomware, simply defined, is a type of malicious software that hijacks a computer, smartphone, tablet or similar type of computing device and holds it hostage until the user pays a ransom fee. It relies on social engineering — a process that involves human psychology and tricking people into breaking normal security protocol.

"Ransomware has been around for quite some time," said Joe Opacki, vice president of threat research for the Charleston-based cybersecurity firm PhishLabs. "It is so successful of a scam. (There's) a lower barrier of entry today to this type of scam."

So-called "ransomware as a service" is an emerging trend, Opacki said. A criminal who has little to no knowledge of cybersecurity or computer programming can purchase a ransomware kit and use it to begin infecting devices.

Novice cybercriminals like these are likely spreading ransomware indiscriminately and may not realize if they end up targeting a government or law enforcement agency. Many may be operating from outside of U.S. jurisdiction. 

This type of cyberattack has become so popular because of how simple it is and because payment is demanded in difficult-to-track cryptocurrencies like bitcoin.

"They're taking out the middlemen," Opacki said. "A large percentage of these cybercriminals are essentially novices. With virtual currencies, the transfer of funding is anonymous. Usually these types of crimes are borderless."

A ransomware attack usually comes in two forms.

First is an email with an attached document or other file that has the malicious computer code embedded in it. If an unaware or clumsy user opens the attachment, the virus makes its way onto the machine and blocks access to the files.

A second, slightly less common method is a link to an infected website that uses the web browser to hijack the entire device.

"With these social engineering attacks, (users should) remain vigilant about all the messages they're receiving," Opacki said.

According to a report published Dec. 8 by Kaspersky Lab, an international cybersecurity and anti-virus provider, ransomware experienced a bit of a revolution in 2016.

Attacks on businesses increased threefold between January and the end of September, and one in five small- and medium-size businesses that paid the ransom did not get their data back, according to the report. New types of ransomware attacks were seen this year, including disk encryption, which blocks access to the entire hard drive instead of select files.

"Social engineering and human error remain key factors in corporate vulnerability," the report said. "One in five cases involving significant data loss came about through employee carelessness or lack of awareness."

Reba Campbell, deputy executive director of the Municipal Association of South Carolina, said her organization has programs to train information technology and other staff on dealing with cybersecurity issues.

The training includes best practices that run the gamut from not giving out one's password to not opening strange email attachments, Campbell said.

"We haven't heard of any incidents of this among our member cities, but that's not to say it doesn't happen," she said. "We try to integrate IT security into training across disciplines."

Aside from the recent Mount Pleasant police case, South Carolina saw at least one other ransomware attack in 2016.

Horry County Schools paid $10,000 to unlock files after a ransomware attack in February, according to media reports.

In another case out of state, the Carroll County Sheriff's Office in Arkansas paid $2,440 to recover files after ransomware breached their system earlier this month, according to an article in the Arkansas Democrat-Gazette.

But many organizations have gotten to the point where their data is secure, Opacki said.

Mount Pleasant police isolated the infected computers and were able to avoid paying a ransom because their files were backed up.

"A higher number of people are not paying the ransom," he said. "With proper policies and user education, it's easy to identify some of the social engineering attacks. Security awareness is key."


Reach Gregory Yee at 843-937-5908. Follow him on Twitter @GregoryYYee.

Gregory Yee covers breaking news and public safety. He's a native Angeleno and previously covered crime and courts for the Press-Telegram in Long Beach, CA. He studied journalism and Spanish literature at the University of California, Irvine.