How Much Is the Bulk of Your Data Worth?

June 8, 2016
Gx As

We are in an emerging era of digital information. It is an evolution that continues unabated for the most part. Efficiency has reached new heights because of it. But there’s also a very real downside. E-mails, digital work flows, business information models (BIM), telematics numbers, job site machine control data, and a flow of seemingly endless ones and zeros pertaining to everything about a company, contractor, or project are all at risk of being taken hostage.

Ransomware is a very real threat…one we are trying to understand. We’re considering what it is, what it does, and if anyone is safe from it.

Gary Hayslip is the Deputy Director and Chief Security Information Officer for the City of San Diego, CA. He wrote the “Cyber Hygiene” Safety column that will be in the special technology October 2016 issue of Grading & Excavation Contractor magazine.

When I came across a story in the news about a hospital having to deal with ransomware and discovered that it was indeed a very real threat, I reached out to Gary once again to help me explain what it is, and what you can do about it. Here are his answers to my handful of questions:

Grading & Excavation Contractor (GX): First, what exactly is “ransomware?”

Gary Hayslip (GH): It is a type of malware that quietly installs itself on a victim’s computer, and then restricts their access in some way. Typically, this restriction is noticed by the user, because they will get a pop-up message on their screen that states their computer is now locked or important files have been encrypted. Of course, part of this friendly notice will be some type of demand requesting a form of payment to unlock the user’s computer or provide the key to unencrypt their files. Some of these ransomware attacks are just “scareware,” in that they just pop up a message with dire warnings saying the “computer is infected and you need to pay some money to use our version of software to remove the infection.” Some, such as “CryptoLocker,” are just stone-cold encryption attacks that will encrypt the data on the computer and look for share drives to encrypt data there. If you have an attack like CryptoLocker there is no message saying, “We are here to help; you are infected and you need our product” like scareware does. Instead, CryptoLocker or one of its variants puts up a message with a clock counting down that states “you will pay us this amount (usually bitcoin) within a specific timeframe, or you will not get the key to unencrypt your files”—basically, “pay us within a set timeframe,” or you’re screwed.
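The encryption behaviour Gary describes (files on the machine and on share drives rewritten as ciphertext) is something a defender can watch for. The following is an added example, not code from the interview or from any product mentioned in it: it plants a decoy "canary" file on a share and flags files whose byte entropy looks like ciphertext rather than documents. The canary file name, the 7.5 bits-per-byte threshold and the sample share contents are all assumptions made for the demonstration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

CANARY_NAME = "_canary_do_not_touch.txt"  # hypothetical decoy file name
CANARY_BODY = b"Decoy file. Any change means something is rewriting this share.\n"
ENTROPY_ALERT = 7.5  # bits per byte; documents sit well below, ciphertext near 8.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; close to 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def plant_canary(share: Path) -> Path:
    """Write the decoy file that no legitimate process should ever touch."""
    path = share / CANARY_NAME
    path.write_bytes(CANARY_BODY)
    return path

def scan_share(share: Path) -> dict:
    """Report canary tampering and any file whose content looks encrypted."""
    findings = {"canary_modified": False, "high_entropy": []}
    canary = share / CANARY_NAME
    expected = hashlib.sha256(CANARY_BODY).hexdigest()
    if not canary.exists() or hashlib.sha256(canary.read_bytes()).hexdigest() != expected:
        findings["canary_modified"] = True
    for path in sorted(share.rglob("*")):
        if path.is_file() and path.name != CANARY_NAME:
            if shannon_entropy(path.read_bytes()) >= ENTROPY_ALERT:
                findings["high_entropy"].append(path.name)
    return findings

def demo() -> dict:
    """Constructed scenario: a clean share, then the same share after its files are overwritten."""
    share = Path(tempfile.mkdtemp())
    plant_canary(share)
    (share / "estimate.txt").write_bytes(b"Job site estimate: 120 cubic yards of fill, 3 days.\n" * 20)
    before = scan_share(share)
    # Stand-in for the outcome described above: document and canary replaced by random bytes.
    (share / "estimate.txt").write_bytes(os.urandom(4096))
    (share / CANARY_NAME).write_bytes(os.urandom(256))
    after = scan_share(share)
    return {"before": before, "after": after}
```

In practice the scan would run on a schedule against real shares, and a tripped canary or a sudden jump in high-entropy files is the signal to disconnect the share and start restoring from backups.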

GX: How does it infect a computer or computer network?

GH: Typically, it is spread to a computer or a network through phishing e-mails that have an infected attachment, or from what we call “drive-bys”. A drive-by is when a user visits an infected website, and while on the website they may receive a pop-up stating something innocent like, “To better view this website, you should enable this add-on.” Of course, if the user clicks on it, they just installed the malware that is now loading itself behind the scenes on their machine.

GX: What exactly does it do to the computer and its files/programs?

GH: See https://en.wikipedia.org/wiki/Ransomware and look at the “Operation” section. A big thing to note here is that when a machine gets infected, this ransomware infects it down at the boot level or the partition table. For non-technical people, it means this stuff is designed to burrow into the files on how the computer turns on and what files the computer uses to understand how to load itself correctly—in a human analogy, it’s like having a brain tumor…except one that wants money.

GX: Is paying the ransom the only way to get rid of it?

GH: Understand that if you have ransomware on your machine and you make a payment to get your computer or files back—you have only done just that; you got your stuff back. You have not cleaned your machine; nor have you removed the ransomware that’s still on your device. There are several options:

  • Don’t pay them: just realize you have lost your stuff; so erase your computer and reload it.
  • Pay them, and you have a 50/50 chance of actually getting your information back—you are dealing with criminals, so understand they aren’t always honest, and you also need to be aware of the fact that even if you get the key to unlock your computer, they probably have a copy of your data, which will be for sale. So if you are lucky enough to get it unencrypted, the first thing I would do is pull the data off of the machine and scan/clean it, erase the machine, and reload it—and then, depending on the data that was encrypted (i.e. personal information, financial information, etc.), I would proceed to change all of my passwords, request new credit cards, and operate in a “pre-identity theft mode.”

GX: How can you protect yourself against ransomware?

GH: I would refer to this website as a good reference: https://www.us-cert.gov/ncas/alerts/TA16-091A. From this link, under the section “Solution,” much of what is recommended I describe in my Cyber Hygiene article, but with more of a focus on the computer and applications.

GX: Thank you, Gary.
Have you had any experiences with ransomware? If you have, I would like to know about it!