×

Holy bitcoin, they've locked up my computer

Nascar race team fell victim

Just days before a big race, an up-and-coming Nascar team suddenly found the crew chief's laptop going haywire and all the team's critical files locked up.

The team was the victim of a ransomware attack, a type of virus that locks up computer files until money is paid.

"A message popped up that said my files had all been encrypted. ... The only way to get it back is to pay a ransom," said Dave Winston, the crew chief for Circle Sport-Leavine Family Racing.

Ransomware cost Americans between $24 million and $28 million in 2015. It's growing exponentially, according to the FBI.

An easy business to enter

The reason? "[Ransomware] is an easy business to get into. There are kits out there that you can buy on the deep dark web and start your own little ransomware company, and many of these end up actually being successful," said Marcin Kleczynski, the CEO of Malwarebytes, a cybersecurity company that focuses on thwarting malware.

The criminals target everyone, including consumers, small businesses and major corporations.

"Its targets of opportunity could mean your grandma or grandpa, or a corporation down the street, such as a health-care provider," said Will Bales, a Chantilly, Va.-based FBI supervisory special agent in charge of ransomware probes.

Still, 57 percent of victims are consumers, according to cybersecurity company Symantec. That means critical banking files, previous tax returns and personal photos can be locked up.

Dave Winston, the Circle Sport-Leavine Family Racing crew chief, with the laptop that was attacked
CNBC
Dave Winston, the Circle Sport-Leavine Family Racing crew chief, with the laptop that was attacked

When the Nascar team was hit, it decided to pay, purchasing a bitcoin, a virtual anonymous currency from a special ATM. After hours of waiting, the team received a decryption key.

"It was huge relief when we got the key. ... Pretty much everything came back," Winston said.

However, the FBI advises against paying ransom, even small amounts like the Nascar team did.

"They now know that you are susceptible and want to pay them," the FBI's Bales said. "This could encourage them to continue and target more people down the line."

The Circle Sport-Leavine Family Racing #95 competes in the Nascar Sprint Cup Series.
Source: Circle Sport Leavine Family Racing
The Circle Sport-Leavine Family Racing #95 competes in the Nascar Sprint Cup Series.

Ransom sticker shock

A ransom request can cause sticker shock. The average payment demand nearly doubled in 2015, according to Symantec.

"On the business side, the sky's the limit. We've seen requests for millions of dollars, but usually they end up settling for tens of thousands," said Malwarebytes' Kleczynski.

Bringing the criminals to justice is unlikely.

"It's very difficult to attribute where the ransomware came from, and every specific case is vastly different. We've seen ransomware attacks from Europe, we've seen ransomware attacks from Asia and we've seen ransomware attacks from the United States," Kleczynski said.

Here are some steps you can take to avoid being a victim.

The Circle Sport-Leavine Family Racing headquarters in Concord, NC
Giovanny Moreano | CNBC
The Circle Sport-Leavine Family Racing headquarters in Concord, NC

Beware of email attachments

While there are many ways that ransomware can get into your computer, the FBI's Bale said email attachments are a common method.

"The emails can look like they're from a friend, or family, or just maybe a reputable organization, but it's actually not. And the attachment is laden with malware in it. And once you've opened the attachment, your computer is infected," he said.

"If you're not expecting an email from somebody, it's OK to call that person and ask them if they meant to send that email. Or if that email was from them. It's inconvenient, but it is less inconvenient than infecting your entire computer or network," he said.


Back up your data

The best way to prevent ransomware is to have a secure backup, which allows you to restore files without paying the ransom.

"Secure backups are key. Make sure that files are backed up regularly, and you should test those backups so that the first time you try your backup is not because of a ransomware event," Bales said.