TONAWANDA, N.Y. (WIVB) - Watching where you click online, and thinking twice before you open an attachment is the best way to guard yourself against a vicious virus making the rounds, according to the FBI. This one is scarier than some because it tricks you into thinking it’s from the FBI or the Department of Homeland Security. Experts call the virus “ransomware” because it takes over your computer and holds your files ransom.
Ed Hamilton found out about it too late. “It’s very, very scary,” he recalled.
Hamilton opened his email one morning, clicked on a website he visits all the time, and suddenly his screen went black. His webcam came on, and then, he got the dreaded pop-up. “I really got scared. The site is very official, and the first thing that goes into your head is What in the world did I just do?'”
Hamilton was staring at a “warning” that appeared to be from the Department of Homeland Security. The pop-up claimed Hamilton broke the law and needed to pay a fee. The virus activated his webcam and took his picture. “I can’t get into my computer. It’s blocked, and it has my picture — not a very flattering picture, but it has my picture on the screen,” he explained.
Feds need your help
News 4 Investigates sat down with Holly Hubert, Assistant Special Agent in Charge at the FBI’s Buffalo office. She told us about a version of the virus that looks like it’s from the FBI. Hubert says, “In a way that makes us a victim, too. It makes us put our game-face on and exercise a full-court press and work very hard to identity and bring these individuals to justice.”
The pop-up claims you have violated U.S. laws; it tells you to pay a fine using a prepaid calling card to get your computer’s files “unlocked”.
Tracking down the hackers is tough. Hubert says many hide out in eastern Europe. “Foreign governments are not required to comply with our laws in terms of when we serve subpoenas or letters to try to retrieve documents.”
If you get the virus, federal investigators need your help. File a complaint at www.ic3.gov. Your report could help highly trained cyber-agents find the hackers.
What is ransomware?
For expert help News 4 Investigates turned to Kyle Cavalieri, Director of Computer Forensics and Investigations for DIGITS LLC. Cavalieri says you can get that infection in a couple of different ways.
The first is referred to as a “drive-by download.” Cavalieri explained, “Essentially, what happens is if you’re browsing out to a website, you click on a particular link, and it may take you to a nefarious site. It may download a payload or some files on your system. Then, it will open up a back door which will allow a hacker to deploy tool sets and in this case crypto-locker or ransomware onto the system and then encrypting the files onto the system.”
You can also become infected by opening a faulty attachment in an email. “Every scenario is a little different. In my experience, it lives on the machine for a couple days or weeks. It’s aggregating information that it’s looking for. It may be exploiting browsers that are on the system itself putting extra fields onto [your] webpage,” Cavalieri warned.
WATCH KYLE CAVALIERI ANSWER QUESTIONS ABOUT RANSOMWARE:
What should you do?
Cavalieri advises against paying the ransom. He says, instead, “Make sure you completely erase the hard drive, and rebuild a new windows operating system on [your computer].” Call an expert if you aren’t comfortable doing the scrubbing yourself. Cavalieri says you should always backup important files, photos and documents.
Hamilton says the virus ruined his computer. He’s getting by using a tablet for now but says eventually he’ll buy a new laptop. “If they’re that good at doing what they did to me on my home computer in my house, on my living room chair, taking my picture and associating that with that website, my God, I hope they’re doing something about it,” Hamilton concluded.