SPARTANBURG, S.C. (WSPA) – Damages from cybercrimes worldwide are expected to total $6 trillion for last year alone.

The biggest way hackers are getting that payload is through ransomware.

An Upstate non-profit that became a victim has an important warning on how to avoid this highly destructive and costly hack.

For a non-profit, whose mission is to help children reach their highest potential, it has been heartbreaking for First Steps of Spartanburg Executive Director Barbara Manoski to learn firsthand how low hackers can go.

“You know, our work is so directed toward good, towards making the lives of young children and their families better. To building a stronger more healthy and prosperous community, why in the world would someone want to do this to us?,” said Manoski.

Just a few weeks back Manoski and IT Director Eddie Burkholder got a call from the South Carolina Law Enforcement Division warning of a ransomware attack after suspicious emails were being sent purportedly from First Steps.

The hackers also sent a ransomware message telling the non-profit their files were “encrypted” and locked down by the extension they called “Chernobyl.”

The cyber criminals wanted “$11,000 in bitcoin” to release the files.

“It was just a nightmare,” said Manoski.

Burkholder and SLED’s investigation revealed the hackers got in through a Microsoft vulnerability in their email server and likely laid dormant for weeks or months.

“What they typically do is they will access your network, set that bomb in there somewhere and then at some specific time they go back, and they just activate it and boom, you’re done,” said Burkholder.

“What agent Walker said was that we were the sixth non-profit to be hit in the state with this,” said Manoski.

How Hackers Get In:

The Federal Trade Commission warns there are four main ways hackers infiltrate your computer or network.

  • Scam emails with corrupt links
  • Infected websites that download malware
  • Online ads that contain malicious code
  • And server vulnerabilities, like what happened at First Steps

How To Protect Yourself:

Backing up your computer or network is more crucial than ever. You can use trusted backups like Google Drive, iCloud and Carbonite. They will set you back a few dollars a month but can save you lots of headaches.

Also, make sure your browsers like Chrome, Safari and Excel are up to date.

Finally, install the latest anti-virus protection on your computer.

Fortunately, First Steps did have that system in place, so they didn’t have to pay the ransom.

And while the cost of rebuilding the damaged servers and computers was more expensive, it was also safer than paying up.

“Cause a lot of times you send that money, and they don’t unencrypt your files and you still have to rebuild,” said Burkholder.

What’s worse, there are sites on the dark web that will sell these sophisticated programs that encrypt data and walk a buyer through how to get it installed on somebody’s network, so anybody with a little computer knowledge can try to make money off a victim.

Even after First Steps created a new domain server and moved their email offsite, the cyber criminals are still sending out emails pretending to be with this non-profit trying to lure-in new victims.

Manoski urges non-profits and small businesses to invest in infrastructure like offsite servers and firewalls that will protect them.

And she warns anyone who uses a computer is vulnerable.

“You’re not exempt from this. I mean, if they’ll go after a non-profit, they’ll go after anybody won’t they,” said Manoski.

If you have a consumer story you would like Diane Lee to investigate, click here.