By Michael Cochrane, World Magazine
The hostage drama that played out at First Presbyterian Church of Birmingham, Mi., last May ended well—no shots were fired and no one was injured. But then, this hostage drama didn’t involve people. What was taken hostage was the church’s data—the main server housing all church records and staff files. First Presbyterian Church of Birmingham had just fallen victim to the latest trend in cybercrime: ransomware attacks.
Ransomware is a term for a new type of malicious software that can infect a computer—and any drive or network to which it is attached, usually through a link or attachment in an email. Once on a computer, it automatically encrypts files so they can’t be accessed and then displays a message demanding payment—an electronic ransom note—to decrypt the files. The ransom note typically has a countdown clock giving the victim up to 72 hours to pay, often around $300 but as much as several thousand, as well as step-by-step instructions for sending the money using bitcoins (untraceable digital currency) or a prepaid debit card.
First Presbyterian’s data hostage drama could have turned out much worse. The church, a member of the Presbytery of Detroit (PCUSA), chose not to pay the ransom because it had backed up all its data files to an offline site, not connected to its main server. But many of the millions of individuals and business hit with ransomware attacks have no choice but to pay the ransom—with no guarantee the cyber crooks will decrypt their files.