By Peter Slayton
It’s a computer nightmare scenario — made real recently for one LCMS congregation that made the local news because of the situation.
The church secretary gets a seemingly innocuous email. Maybe it looks like a vendor invoice to be paid, but she doesn’t recognize the sender. There is an attachment. The secretary opens the attachment, which appears to be gibberish. A dialogue box offers to “clean it up” if she clicks the button, but clicking on it does nothing so she deletes the email and goes off to her lunch break.
When she returns to her desk later that day, all the files on the computer are encrypted and there is a screen on the desktop saying that the files are being held for ransom. If the church wants them decrypted, they will have to pay.
This particular type of threat is called “ransomware,” and according to Trend Micro (an industry leader in computer security), it has been around since 2005, spreading first in Russia before expanding to the rest of the world.
“Ransomware is a type of malware that prevents or limits users from accessing their system,” according to the Trend Micro website. “This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back.”
While some ransomware encrypts the data, as in the scenario above, other kinds will lock the computer screen so that nothing can be used. A ransom is demanded, but the odds are very low that paying it will result in recovery of the data. Law enforcement recommends against acquiescing to any such demands.
In February of this year, an LCMS congregation in the Midwest fell victim to a ransomware infection. Its computer was infiltrated — most likely from opening an email attachment — and all files, including those on the connected backup drive, were encrypted and held for ransom.
Local law enforcement and even the FBI were in contact with the church, but they were unable to do anything to recover the data. Fifteen years of contribution history and all member information were completely lost, and now the membership roster and all other church records have to be rebuilt from the ground up.
There are no 100-percent foolproof methods for securing computers from infection, but there are several basic steps that can be taken to minimize the risk to your church.
- First, back up your data regularly. Daily and weekly backups are recommended so that in a worst-case scenario, at most only a few days of data would be lost. Always have a backup that gets stored somewhere safe (ideally offsite) and disconnected from any computers or networks to prevent any infection from spreading to it.
- Second, never open an email attachment from a sender you don’t know or are not expecting to hear from. Even if such an email looks legitimate, it’s better to contact the sender to verify its legitimacy.
- Third, when browsing the Internet, never click on pop-ups that warn you about your computer being infected or your virus definitions being out of date. This is one of the most common ways that hackers gain access to computers.
- And finally, always keep your security software up to date. Companies discover new threats on a daily basis and release patches as soon as they are available, so falling behind on virus updates can leave you vulnerable very quickly.
You can never be too careful in protecting your data, especially when safeguarding the highly personal details of your congregation members. If your computer or network has been compromised, contact local law enforcement and a computer security technician right away.
To learn more about how to secure your computers against threats like this, the LCMS Information Technology department recommends these resources:
- the “Security Awareness Newsletter.”
- the United States Computer Emergency Readiness Team website.
- the Department of Homeland Security Internet safety guidelines.
And to learn more about ransomware, go to any of the following websites from:
Peter Slayton (email@example.com) is manager of Social Media with LCMS Communications.
Posted March 31, 2016 / Updated April 1, 2016