Malware locks up computer files until ransom paid

Monday, November 3, 2014
A new type of malicious software is spreading across the world. It locks up computer files until a ransom is paid.

SAN FRANCISCO -- A new type of malware is spreading throughout the world. It's a scam that has the feel of an international spy thriller. Instead of stealing your personal information, thieves are holding it hostage -- locking up your computer files. You can't get it back until you pay.

Attorney Christina Chen was settling in for another workday at her San Francisco law office when suddenly something sinister shook her world.

"I thought it was a joke, until the message popped up," said Christina Chen.

Christina was trying to open a file on her computer when everything went blank and a threat appeared on her screen. She was stunned -- malicious software had taken over her computer and locked all of her files, and if she wanted them back she would have to pay a ransom.

"They actually call it a ransom. You have to pay a ransom," said Christina Chen.

It's the work of an underworld organization called Cryptowall operating in Russia or Eastern Europe. Christina frantically tried to open other documents -- all were locked. Twenty years of case files, bank records, tax returns, photos, letters.

"Every one of them, the same popup -- then I knew it was no joke," said Christina Chen.

"Some victims are paying upwards of $10,000 to get their files back," said Keith Jarvis, Dell SecureWorks.

Jarvis is investigating Cryptowall, as is the FBI. Experts say criminals infect computers with a virus called ransomware -- which basically kidnaps files and holds them hostage. Cryptowall has infected more than 800,000 computers worldwide since February -- a quarter million in the United States. Already, victims have paid out more than $1 million in ransom.

"They'll first charge you $500 if you pay immediately or within a few days that's the price. If you wait a few more days they'll jack the price up to $1000 or even $1500," said Jarvis.

Cryptowall steers victims to a screen with a countdown clock: pay, or the price goes up. And they must pay in bitcoins -- an untraceable currency as mysterious to victims as Cryptowall itself.

"It reads like a spy movie or an international conspiracy. It's very surprising it would happen to an ordinary person like myself," said Christina Chen.

The Cryptowall message told her 'don't waste time -- no other solutions exist.' Security experts say there is no way to unscramble the Cryptowall coding. Victims escape only if they've backed up their files somewhere else. Christina had not -- even her tech consultant said to just pay up.

"$500 -- I was actually willing to pay reluctantly. They have you over a barrel you know," said Christina Chen.

"I was pretty shocked that there are these types of viruses out there that basically take a gun to people's head," said Edgar Chen, Christina's nephew.

Edgar is a computer whiz Christina called as a last resort. He searched for a way to unlock the files -- impossible -- until, a small miracle.

"There was one possible solution -- that's something called a shadow copy," said Edgar Chen.

Edgar found it hidden in Christina's computer -- the "Windows Restore Feature." It automatically backs up files but only if the user had turned it on. Was Christina's activated?

"We went to shadow copy, and there were all her files," said Edgar Chen.

Amazingly, whoever set up her computer 10 years ago did turn on the restore feature. Just because that little box had been checked, copies of every file were resting there.

"I think I'm very lucky," said Christina Chen.

"We were definitely both extremely happy," said Edgar Chen.

"I think people should know, it can happen to anyone," said Christina Chen.

Cryptowall is infecting thousands more computers every month, mostly by sending phishing emails that look real. You click on a link in the email, and the virus crawls into your computer. Don't click on emails you aren't expecting, and protect yourself by backing up files in a separate place.