HOUSTON – Small businesses are being increasingly targeted by a malicious code that locks computer files and forces victims to pay a ransom. The FBI calls this crime "ransomware."
"It's a kind of panic," said Mark Stefanick, president of Advantage Benefit Solutions. "It was not a comfortable feeling. It's just a violation, you feel like somebody entered your home."
Stefanick received a call while traveling that every single file in his company's computer system had been encrypted by a virus. The virus essentially locked he and his employees out of the very files needed to run the business.
"You're essentially out of business at that point, correct," asked KPRC 2 Investigator Robert Arnold.
"Out of business, that's right," Stefanick said.
Stefanick said an employee opened an email attachment that infected the system with a malicious software. However, Stefanick said the cybercriminal who sent the email used a clever ploy to trick his employee into clicking on the attachment.
"We're all used to the 'You've won $20 million or you've won a free trip,' but this was different," said Stefanick.
Stefanick said the email was masked so that it appeared to come from a company his company was doing business with and the attachment dealt with a subject his employee was working on at the time.
"They had enough knowledge about this business that we were doing to know how to mask the email so it would make it easier to open," said Stefanick.
Stefanick said what followed was a ransom demand; pay $400 and get the files decrypted or don't pay and stay locked out.
"My first thought was, 'We're not paying these people anything.' It's unscrupulous, it's illegal," said Stefanick.
Stefanick said when he found out it would take his IT team anywhere from 1 to 90 days to decrypt the files on their own, he begrudgingly paid the ransom. For Stefanick, it was a small price to keep the business going.
"It made it impossible to pass up," said Stefanick. "It's the last thing I wanted to do but in the end it was the best thing I could do for my business and for my clients."
Within an hour of paying the ransom the hacker sent the code needed to decrypt the files. Stefanick said no information was stolen or compromised. The hacker was never caught.
The FBI's Internet Crime Complaint Center reports between April 2014 and June 2015 it has received 992 "ransomware" complaints, costing victims more than $18 million in losses.
"Does it take a high level of skill to pull off this crime?" asked Arnold
"Not anymore,' said University of Houston computer security expert, Chris Bronk.
Bronk said high level cybercriminals, typically operating overseas, have made committing this crime relatively easy by renting out so-called "exploit kits." Bronk said someone who has almost no computer coding skills can now rent the software needed to infect a system.
"They can download the software package, they point it in the direction they want it to go and the software does the work," said Bronk. "It's almost instant money for whoever perpetrates it."
Bronk said "ransomware" can come from visiting a malicious website, clicking on a pop-up ad or an email attachment. However, the "social engineering" used to trick Stefanick's employee into opening the email shows cybercriminals are evolving their tactics.
"They actually know their targets," said University of Houston computer security graduated student, Anthony Moyegun. "Facebook makes things easier, if I want to know something about somebody I can just go on Facebook."
The FBI and Bronk warn users to never operate their computers without running continually updated antivirus software and a firewall. Both recommend installing popup blockers so you don't accidentally click on any malicious ads, always back up computer files and never open an email attachment until you have personally verified the sender.
"Our computers need all sorts of care and feeding, but we don't do it," said Bronk.