A ransomware attack happens quickly. A business owner or worker gets an email or a text with an innocuous subject line, like an invoice or a software update, and clicks on the link. Within minutes, a virus locks the computer and encrypts the data. A message pops up demanding $500 or maybe even $1,000 for the encryption key that unlocks the data.
"It happens a lot more than you think it does. I would say more than half the businesses or companies are affected by it," said Dustin Puryear, founder of Baton Rouge-based Puryear IT. "Most companies won't admit to it."
FBI spokesman Craig Betbeze said some consumers are too embarrassed to report they've been infected. Businesses also are reluctant to admit they've been hit because they fear their sales or, in the case of publicly traded firms, share prices will suffer.
That makes it hard to calculate the amount cyber-criminals are collecting through ransomware. Ransomware victims reported making $209 million in payments during the first three months of the year, nearly eight times the amount reported for all of 2015, according to the FBI.
However, data protection firm Datto estimates the damages are much, much higher, about $75 billion a year to small and mid-sized businesses. That's partly because less than a quarter of businesses report the attacks and mainly because the costs of lost productivity dwarf the ransoms themselves.
Puryear IT is a managed services provider. The company provides information technology infrastructure services to clients that want to outsource their IT. It's relatively rare for Puryear's customers to be hit by ransomware.
But most smaller businesses can't afford a managed services provider.
So about once a month, Puryear fields a phone call from someone who isn't a customer but needs help with ransomware. Sometimes they haven't backed up their data. Sometimes they have a local backup, say a USB thumb drive that is always connected to their network. But the local backup also got encrypted so they can't use it to restore their files.
"Generally, you end up paying the ransom. If they don't have a good backup, there's no recourse," Puryear said.
Kevin Launey, strategic technology adviser and co-founder of Bios Technologies in Metairie, agreed.
"There's not a lot you can do with the more advanced ransomware out there. They're locked down tight," Launey said.
There are some ransomware variants where the coding hasn't been great, and antivirus companies like Symantec and Kaspersky have cracked the encryption, Launey said. But mostly that doesn't happen.
"The days of some little high schooler in his basement writing code is not what's going on here," Launey said. "This is big business. This is groups that financially are going after people. It's extortion, no other way to put it. Not unsimilar to the mafia back in the day."
John Zachary, a Baton Rouge entrepreneur and IT consultant, recommends that businesses educate their workers about ransomware. Once a person knows what to look for, it's easy to avoid.
"It's something that's easy to prevent and very hard to eliminate once you've been infected," he said. "The reason why it's easy to prevent is, like other malware, people get infected because they kind of do the wrong thing online."
Some people get infected by browsing infected content or sites, like pornography. Mobile apps also can be infected. Google's Android operating system appears to be more vulnerable than Apple's. Victims also can be infected via text message.
"Check your data usage" is a popular method, Zachary said. When the user clicks the link, the ransomware is downloaded to his or her smartphone.
Zachary recommends frequently backing up data. It only costs about $100 for a 128-gigabyte backup USB drive. A business with a recent backup doesn't have to worry about paying a ransom.
The FBI says the backups also should be secured, meaning they aren't connected to computers and networks being backed up.
Puryear said businesses should have local and cloud backups. The practice is mandatory for his clients.
He also recommends restricting the number of people with administrator rights, which allow a person to make system changes, and requiring internet filtering, which restricts the content delivered online.
Zachary said it's also a good idea to make an incident plan.
Businesses have plans for dealing with fires and hurricanes, he said. They should have a plan for dealing with ransomware.
On average, there are more than 4,000 ransomware attacks a day, four times the number a year ago, according to the FBI. Just weeks after its release, one ransomware variant compromised an estimated 100,000 computers a day.
Attempts to infect state agencies are a daily event, and in the past 24 months, almost all agencies have seen malware in various forms or fashions, according to Division of Administration spokesman Cody Wells. All of the attempts were quickly identified and addressed and had limited, if any, effect on any agency's operations.
One reason for the explosion in attacks is that ransomware, like other online products, has become user-friendly for just about anyone. In the past year or so, ransomware as a service has gained popularity, allowing people with few IT skills to launch attacks. Others say the growth in ransomware is attributable to bitcoin, a digital currency that allows cybercriminals to collect the ransom anonymously.
The ransom is usually demanded in bitcoin.
For small companies or individual consumers who've been infected, buying bitcoin can be a real hassle, Zachary said. The cryptocurrency has to be bought online. It's not available from a bank or a credit card company, and some of the exchanges are kind of shady.
Although bitcoin has caught people's imaginations, it's not exactly mainstream yet, he said.
"The first question I get is, 'What the hell is bitcoin?'" Zachary said.
Both Launey and Puryear keep a few thousand in bitcoin on hand for ransomware victims.
Launey said a couple of times people came to his company for help. They had no backup. Their financials were locked up. They were basically out of business.
"So $500 of bitcoin seems like an easy way out at that point," he said.
One person got the encryption key and restored his files. The other victim did not.
The FBI advises against paying ransom for a number of reasons. Doing so is no guarantee a person or company will get back their data. Payments encourage cybercriminals to target more organizations and motivate other criminals to get involved in ransomware. Ransom payments also fund other criminal activity.
Still, Launey said there's not really much choice when it comes to ransomware.
Trying to re-create the data that a business has stored for five years is not only difficult and time-consuming, but the cost associated with that task would be "unbelievable," he said.
"It's easy to say, 'Don't send the money,' when it's not your business that's going under because you've just lost everything," Launey said.