Pay to unlock computer files? Church targeted in ransomware attack

David Eppelsheimer, pastor of the Community of Christ Church in Hillsboro, scrolls through encrypted files on one of the church's four computers.

A local church says it was hit by cyber criminals in a ransomware attack, a type of crime the FBI says is on the rise.

In ransomware attacks, computers are taken over by a virus and messages show up telling users to pay up in order to regain access to their files.

"It locks down those files and locks down any files that that computer system's attached to on a shared drive," said Beth Anne Steele, an FBI spokeswoman.

"It's kind of creepy," said David Eppelsheimer, pastor of the Community of Christ Church in Hillsboro.

He told KATU he's drained after dealing with a ransomware attack.

"Thursday afternoon I went to work on a PowerPoint file for worship," Eppelsheimer said, "and couldn't open it, discovered that it had an extra little MP3 tag on the end of it, couldn't figure out what was going on, started looking at other files and realized that everything on our system, I didn't realize it at the time, but had been encrypted."

And the file folders containing the files included virtual ransom notes in different file formats all saying the same thing in relatively polite language.

"All your files were protected by a strong encryption," the notes said, in part. "Wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW!"

Eppelsheimer showed the notes to the church's information technology consultant.

"We began the process of figuring out what we can do about it and discovered that the only thing we could do was to pay the ransom," said Eppelsheimer.

That wound up costing $570 and a lot of frustration in part because Eppelsheimer said Bitcoin is tough to use.

"It's frustrating. It does feel invasive," he said regarding the entire ordeal. "It's an expense that we weren't counting on."

Eppelsheimer said he received a decryption key after paying and it works but, "We're still finding files or folders in files that we have to decrypt."

The church reported the crime to the FBI, which couldn't tell KATU about the investigation, although Steele provided tips on how to protect yourself.

"Make sure that you don't click on links or download attachments that you aren't 100 percent sure that that they're legit," said Steele. "Make sure that you have good antivirus software and that you make sure that your computer is updating whatever software is there on a regular basis. The third and the most important thing that you can do is to make sure that you have backups. ... You should have three copies on two different kinds of media and preferably one in an alternate location, an off-site, offline location."

Steele said the FBI usually can't unlock your computer when ransomware attacks happen and admitted it's tough to prosecute any one case.

But she said it's important to report them.

"We take that information," Steele said. "We look for the kind of ransomware that's on there, the indicators that are there, try to trace back to whomever or whatever criminal organization is responsible for that ransomware and then, as a whole, we try to go after an organization."

Steele said ransomware attacks can be reported through the FBI's Internet Crime Complaint Center (IC3) or the Oregon Cyber Task Force.

close video ad
Unmutetoggle ad audio on off