Ransomware can be among the most frightening forms of malware – suddenly, your screen is replaced by a message from the police, demanding money, or a message saying your files are lost unless you pay a ransom to unlock them. Our tips will help you fight back.
For computer users, a form of malicious code dubbed ransomware can be among the most frightening forms of computer invasion – suddenly, your screen is replaced by a message that appears to be from the police, demanding money, or a message saying your files are lost unless you pay a ransom to unlock them.
It’s a booming business. Last year, security researcher Brian Krebs reported that gangs could earn up to $50,000 per day from such malware. This year, the Home Campaign continued to deliver ransomware via infected websites, with up to 40,000 domains infected at one point, according to ESET researcher Sebastian Duquette.
One particular form of ransomware, referred to as filecoders, is designed to extort money by encrypting a user’s files and demanding payment to access them. “We’ve noted a significant increase in filecoder activity over the past few summer months,” says ESET researcher Robert Lipovsky.
One of the most prevalent examples of this type of malware is called CryptoLocker (numerous versions of this are detected by ESET antivirus products as Win32/Filecoder).
Below are some tips that can help – even if you’ve already fallen victim.
Don’t pay the money
No police force on Earth will lock your computer and demand money – the message is NOT from the FBI. Do not pay the money. Contact a computer professional instead, if you can’t unlock it yourself. In some cases – especially filecoders – there may be nothing you can do, but an IT professional should be your first stop.
Don’t pirate software, music or movies
Pirate sites offering free music, games or films are often infested with malware – but this year, cybercriminals have been “gaming” Google searches to infect wannabe pirates with ransomware. Ordinary Internet searches lead people to such sites – with cybercriminals using “black hat” SEO to push infected sites high up in Google results, and deliver Nymaim ransomware, according to ESET researcher Jean-Ian Boutin. He notes: “When searching for downloadable content, especially illegal downloads, it is common to notice questionable websites in the search results. What is unusual in this case is to witness a malware downloaded right away when clicking on a Google result.”
Don’t think that if you get past the lock screen, it’s “gone”
It is sometimes possible to get “past” the lock screen displayed by some forms of ransomware – but that doesn’t mean you’re safe. Your computer is probably still infected. Either invest in AV software or contact an IT professional for help.
If you are backed up, you’re “immune” to filecoders
Filecoders rely on one thing – that you keep unique, precious files on your PC. Don’t. You don’t keep family heirlooms in your car – you keep them in a safe. Do the same with your data. “If they have backups, then the malware is merely a nuisance,” says ESET researcher Robert Lipovsky. “So, the importance of doing regular backups should be strongly reiterated.”
“There are, however, at least two “fortunate points” about this malware: It’s visible, not hidden, the user knows he’s infected – unlike many other malware types that could be stealing money/data silently (of course, that doesn’t mean that he’s not infected with something else together with the filecoder!)”
Try and rescue your files
Unless you have in-depth knowledge, you should contact an IT professional to help with filecoders – and don’t get your hopes up, as many use strong encryption which is basically impossible to break. “In some cases, when the filecoder uses a weak cipher, or a faulty implementation, or stores the encryption password somewhere to be recovered, it may be possible to decrypt the files,” says Robert Lipovsky. “Unfortunately, in most cases, the attackers have learned to avoid these mistakes and recovering the encrypted files without the encryption key is nearly impossible.”
Learn what “backup” means – and choose the right solution for you
For home users, a simple way to start “backing up” – without delving into complex solutions – is to use cloud services such as Google Drive, Dropbox and Flickr to store documents, music, videos and photos. These services offer free versions, and can at least save some of the most personal files on your computer from being devoured by malware.
ESET senior research fellow David Harley writes, “What do you do if you’re a home or small business user, with no professional system administrator to explain/set you up with RAID, hot sites, replication, and all the other esoteric paraphernalia of disaster recovery? My friend and colleague Aryeh Goretsky’s paper Options for backing up your computer will help you understand the issues much better after reading it, without overdosing on jargon.”