AG Church Held for Ransom?

It used to be that one of the easiest ways for scammers to make big money was simply follow disaster — pose as a legitimate contractors, make big promises, and take advantage of desperate victims. Today, as at least one AG church discovered, all it takes for a scammer to make quick money is for someone to click on the right (or in the case of the church, the wrong) link.

Recently, a small AG church in the Wisconsin-Northern Michigan District (WNMD), opened an email and then the attached file — when they did, a “ransomware” virus took control of their computer, demanding a payment if they ever wanted the files on their computer to be accessible again.

Although some might blame the church for opening an unsolicited email, this email was actually sent by the church secretary to herself as a reminder to do a certain task. That’s right, she was opening her own email!

According to Mark Morton, the Help Desk team lead in the Assemblies of God national office’s IT (Information Technology) department, the chances are good that the ransomware was already on the church’s computer and attached itself to the document so that when it was opened, it would be launched.

But how did it get on the church’s computer in the first place? Jeremy Rakowski, the IT specialist for the WNMD, explains that it’s not that difficult. “In an IDG recent report I read that 93 percent of all phishing/spam emails now contain some form of ransomware.”

According to the International Data Group (IDG), targeted victims can be anyone, including the average user, businesses, law enforcement or government agencies, emergency services, healthcare organizations, educational institutions, religious organizations, and financial institutions.

Rakowski says that even if victims pay the ransom to gain access to their computers again, it’s no guarantee that the computer will be released. “There was a hospital in California who paid the ransom, and their computers were released and they could access their files again; another hospital in Missouri paid the ransom, and nothing happened.”

Morton explains that it’s not as simple as just not opening emails from unrecognized addresses, because sometimes the addresses are recognizable businesses’ or individuals’ names that have been pirated and/or greet a person by name.

“Now, when I get an email with a link, before I click on it, I hover my cursor over that link to make sure the name that appears matches up to the link name,” Morton says. “If it’s a long string of numbers and letters, it’s a good sign that the link is not what it says it is and in all likelihood contains some form of ransomware.”

IDG says that religious organizations’ networks, especially in smaller churches that don’t have their own IT staff, are “often infected with malware [malicious email] because their personnel are not trained to ignore phishing emails and are unaware of cyberthreats.” IDG also sites two examples of churches targeted in February of this year with ransomware attacks.

“What makes ransomware profitable for criminals is that they rarely demand exorbitant fees,” Morton observes, “Most demand a fee that is easier for a person or organization to pay than it is going through the headache of having to purge and wipe your entire system and then reload it from a back-up system . . . assuming you have your files backed up.”

Rakowski also warns that owners of Mac computers, which have historically been less susceptible to computer viruses, should not be lulled into a false sense of security as more and more ransomeware viruses are now “Mac friendly.”

And as IDG points out, if a team sends out thousands or even millions of malicious emails, if only a small percentage are infected and pay the ransom, it results in not only easy money, but significant money.

“Some ransomware will not only lock you out of your computer, but it will also infect any computer or drive networked to that computer,” Morton says, “including your back-up drives.”

Rakowski says that one way to help keep back-up drives from falling victim is to unplug them after every back-up. However, he admits, if the virus is latent (meaning it’s already on a computer, but has not yet been activated), the back-up will now have the virus as well, so even after reinstallation, it shouldn’t be assumed that the system is now virus free and should be carefully scanned by software for viruses.

Glenn Tofte, the IT Director at the IDCAG (Illinois District Council of the Assemblies of God), says the district’s computers were attacked by a ransomware virus when someone who regularly receives résumés by email, received one that was malicious — not realizing it until after he opened the file.

Although they were able to isolate the problem quickly due to their advanced training, Tofte shares some sound advice for computer users to consider:

• Be highly suspicious of any file that ends with a “.rtf” as that’s the preferred type of file for malware.

• If you’re expecting a file, but something still doesn’t look quite right, upload it to virustotal.com where 50 antivirus softwares search the document for a virus for free.

• Look for clues — does the sender’s email address end with a period followed by two letters (codes for other countries). Are you expecting an email from out of the country?

• In addition to standard virus software, consider installing a free (or paid) version of the utility called CryptoPrevent by Foolish IT on your computer. Antivirus software looks for patterns and signatures, meaning it’s already struck computers. CryptoPrevent is behavior based, basically meaning if something attempts to write or modify files in a place it shouldn’t, it will block it — it’s only available for Windows-based computers at this time.

• If a company contacts you by email, such as eBay, directing you to click on a link as a security precaution or because there’s something wrong with your account, instead of clicking the link, access the website through typing in the known address into your browser.

The Federal Trade Commission (FTC) also has a vast resource of online downloadable helps, scam information, as well as free materials available to order. For churches interested in bulk orders of free publications from the FTC, they can find everything from campaigns to scams, identity theft, online safety, and much more on the FTC site.

Educating staff, keeping abreast of the latest scams to be watchful for, maintaining a back-up system, having the right kind of protection on your computers, and treating all emails with a healthy suspicion all help in keeping a church’s or individual’s computer virus free. But Rakowski, Tofte, and Morton agree, ultimately, when it comes to any computer becoming infected with a virus, it’s not a matter of if, but when.

Image used in accordance with CC BY-SA 2.0 license. Photo credit: Christiaan Colen, Flickr

Source: AG News

Leave a Reply