Billy and Theresa Niedermayer, of Winnipeg, fell victim to a type of malware called “ransomware,” which holds a computer system and its files hostage until a ransom is paid.
Prior to being hit with the scam, the two had taken many precautions to protect themselves online. They make it a practice to never open random emails and regularly back up their files on an external hard drive that plugs into their computer.
But they recently noticed that their system was slowing down, and they couldn’t understand why until a pop up window appeared one day.
The message in the window said that more than 260,000 of their files had been encrypted, locked and were being held hostage. The couple were instructed to pay a fee in Bitcoin currency to have the files unlocked, and access restored.
Theresa Niedermayer said that the message didn’t seem real.
“It feels like something out of a movie. All of a sudden the time clock appears on the computer, it starts ticking backwards, and you’re on a timeline before your fine doubles,” she told CTV Winnipeg.
Billy Niedermayer said the ransomware went beyond their hard drive, infecting his accounts on Google drive, Dropbox and his cloud account.
According to Public Safety Canada, scammers who use ransomware extort millions of dollars a year from victims. They have been known to target both PCs and Macs, and have even started attacking smartphones.
“It’s upsetting, and you wonder what people want to do with your files, if they’re trying to get banking information (or) if there’s identity theft,” Theresa Niedermayer said.
The federal agency advises against paying the ransom, but the Niedermayers said they had no choice. They paid more than $800 in online Bitcoin currency to have their files unencrypted and returned to them.
Now, they have a warning for others.
“Back up your files, unplug the (external) hard drive from your computer,” Billy Niedermayer said. “Get it off of there; do not keep it plugged in.”
Once their files are returned, the Niedermayers plan to have their hard drive professionally wiped, and will change their IP address.