CHARLOTTE, NC (WBTV) - Running a community dental practice in Monroe, NC, Dr. Rob Johnson never thought he'd be on the radar of cyber hackers.
Until his office was hit by ransomware.
"This is something I have heard about and read about but I wondered how it could happen to me," Johnson said.
He thinks it hit the office computers after someone opened an email that looked like a legitimate job application. It was not and clicking on the link in the email likely installed the malware that allowed the hackers to hold his data for ransom.
"In our case it was $600 and you have to pay in bitcoin. We were in disbelief. Then they said if you don't pay within 7 days they double your fine or ransom," Johnson told WBTV.
We reached out to the Charlotte office of the FBI to see how significant a problem ransomware is in this country. They tell us it is such a big threat that the Internet Crimes Complaint Center added ransomware to the categories for which it collects statistics. In 2015, the first full year of gathering that information, people across the country lost $1.6 million to ransomware. People in North Carolina alone lost $162,000.
"You have nothing to be ashamed of if this has hit you. The brightest companies and the brightest people have called us and said they've fallen victim. It happens," said WBTV Cyber Expert Theresa Payton.
Within her cyber security company she gets calls from people who want her advice on what to do about ransomware.
She says the best way to protect yourself is to make sure your computer files are thoroughly backed up and you have good anti-virus programs. Still that doesn't necessarily protect you and while typically Payton wouldn't suggest giving in to hackers, in this case it can sometimes be the best option.
"Don't be ashamed if the best thing for you is to pay. People would understand. You need your information and you have to get back to business and life," she said.
Dr. Johnson chose not to pay. Instead his staff is trying to re-create all patient files.
"We're doing okay but it is a lot of extra work. We're making phone calls and doing paperwork. We also now have backups, and backups to backups," he said.
The FBI does not condone the paying of ransoms. For more information on the FBI tracking ransomware schemes, click here.
We reached out to the North Carolina Office of the Commissioner of Banks to learn more about using bitcoin in the state and any attempts within the state legislature to regulate it. A representative sent us the follow statement:
"The Money Transmitters Act (MTA) requires any money service business (including those that transmit virtual currency) operating in NC to be licensed by NC. Both the current law and proposed bill are intended to ensure consumer funds are transmitted from point A to point B as required by law. Though the law does not and is not intended to deal with ransomware, the bill would provide NC with authority to supervise licensed companies for anti-money laundering and Bank Secrecy Act violations, and as such, would act to exclude so-called "dark websites."
Acting as a money service business without a license would be a violation of law, and any entity caught doing so would be referred to the appropriate state or federal law enforcement authority for action.
There are a host of state and federal laws that deal with cybercrime that fall outside of the MTA, and are therefore not within our jurisdiction.
We will continue to work together with the state and federal agencies to do what we can to help stop these criminals. We also welcome input from consumers and industry to inform us of any suspicious activity."