My mother received the ransom note on the Tuesday before Thanksgiving. It popped up on her computer screen soon after she’d discovered that all of her files had been locked. “Your files are encrypted,” it announced. “To get the key to decrypt files you have to pay 500 USD.” If my mother failed to pay within a week, the price would go up to $1,000. After that, her decryption key would be destroyed and any chance of accessing the 5,726 files on her PC — all of her data — would be lost forever.
CryptoWall 2.0 is the latest immunoresistant strain of a larger body of viruses known as ransomware. The virus is thought to infiltrate your computer when you click on a legitimate-looking attachment or through existing malware lurking on your hard drive, and once unleashed it instantly encrypts all your files, barring access to even a single photo or tax receipt.
Everyone has the same questions when they first hear about CryptoWall:
Is there any other way to get rid of it besides paying the ransom? No — it appears to be technologically impossible for anyone to decrypt your files once CryptoWall 2.0 has locked them. (My mother had several I.T. professionals try.)
But should you really be handing money over to a bunch of criminals? According to the Internet Crime Complaint Center, a partnership between the F.B.I. and the National White Collar Crime Center, this answer is also no. “Ransomware messages are an attempt to extort money,” one public service announcement helpfully explains. “If you have received a ransomware message do not follow payment instructions and file a complaint.” Right. But that won’t get you your files back. Which is why the Sheriff’s Office of Dickson County, Tenn., recently paid a CryptoWall ransom to unlock 72,000 autopsy reports, witness statements, crime scene photographs and other documents.
Finally, can law enforcement at least do something to stop these attacks in the future? Probably not. Many ransomware viruses originate in Russia and other former Soviet bloc countries. The main difficulty in stopping cybercriminals isn’t finding them, but getting foreign governments to cooperate and extradite them.