Just sharing a little bit of info for those who may not have seen this:

High-tech kidnappers don’t bother taking your loved ones hostage. They hold your data for ransom instead.


Malware attacks that hijack your computer files until you pay a ransom increased by 500% from January to December last year, reaching 600,000 identified cases, according to a report released Tuesday by the security software company Symantec. And the kidnappers may not take cash. The criminals increasingly demand cryptocurrencies like bitcoin as payment, and have raked in some tens of millions of dollars in the last year.


The ploy, called ransomware, is actually a decade-old tactic. But thanks to the anonymity of bitcoin, attackers who once masqueraded as law enforcement officers to convince consumers to hand over money in exchange for their files no longer even need a cover story, according to the report. About 3% of infected users hand over ransoms ranging from $100 to $400.


“How do you get the money if you’re a bad guy without getting caught? In 2005 or 2009, these guys didn’t have a good way,” says Kevin Haley, director of security response at the Mountain View, Calif.-based company. “The bad guys…they love these kinds of currencies.”


The process works like any malware: A user clicks on a link, usually an email attachment, which infects the computer. Then it locks them out of their computer, and a pop-up message details ransom instructions that must be fulfilled by a deadline to get the encrypted files back.


It’s lucrative: Symantec estimates that CryptoDefense, a ransomware that cropped up in February, made more than $34,000 in just one month. The strain is a copycat of CryptoLocker, which began surfacing in September.


The criminals often give their victims a decryption key to get back their files after receiving a ransom. For small businesses that haven’t backed up files, it becomes a game of chance, says Stu Sjouwerman, CEO of the Clearwater, Florida-based security consulting and training company KnowBe4.


“If you have a choice between losing a month’s worth of work or playing the game, you’re going to…just pay up and hope it doesn’t happen again,” he says.


Police in Swansea, Mass. paid $750 in ransom after their computers were struck by CryptoLocker in November, according to local media reports. In Charlotte, N.C., lawyer Paul Goodson installed a new phone system at his law firm this year that sends voicemails to individuals’ inboxes. The firm received an attachment in an email that resembled a voicemail message — but it ended up being a CryptoLocker attack.


“It looked like a valid email from our phone system,” Goodson says. He couldn’t pay the ransom in time but says he recovered 80% of his firm’s files through back-ups.


CryptoLocker accounted for only 0.2% of ransomware detections in December, but the attack is getting attention. The Department of Homeland Security issued a warning about CryptoLocker in November, and the United Kingdom’s National Crime Agency followed suit later that month.


Ransomware will likely “be crazy on mobile devices,” Haley says, because attackers will exploit the fact that consumers keep their smartphones close by even when they sleep at night.


“If they were to be at risk of losing what’s on their cellphones, I’m sure the price they would pay would be phenomenal,” Haley says.