Ransomware: What is it?
Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.
There are many different kinds of Ransomware
We have seen many types of ransomware in our shop, but the two most prevalent are the fake law-enforcement scams and the file encrypters. The first kind either puts child pornography on your computer along with a fake government warning citing criminal codes for having such content on your device, or displays only the government warning and criminal codes, claiming your device has been tracked visiting sites that contain child pornography. The second kind takes over and encrypts your files and demands payment to decrypt them.
Making the News
In this article (http://www.wsmv.com/story/27732818/ransomware-scam-leaves-victims-powerless), people were infected with ransomware that put pornographic images of children onto their device and then demanded a payment of $500 to remove it. The victims feel trapped and feel like they can’t go to the police, so they pay the ransom.
DO NOT PAY THE RANSOM – THE CRIMINALS WANT YOUR PAYMENT INFORMATION – DO NOT GIVE IT TO THEM – EVER
How does Ransomware get on a device?
In almost all instances the user is duped (tricked) into installing the ransomware on their own computer. This ranges from clicking a link in an email that looks legitimate but isn’t, to visiting a legitimate website that has been hacked and had the ransomware planted on it, so that simply visiting the compromised site downloads the ransomware.
Using public WiFi can allow people to install ransomware onto your computer if you have file sharing on. It is IMPORTANT that when you are using public WiFi you do not have file sharing or network discovery turned on. On home/work networks this is fine, but not on unsecured networks. Also, as a side note, you should never (NEVER EVER) make any purchases or do any kind of account management (going to your bank website, school portal, etc.) on public WiFi. Public WiFi is just that, public: it is unsecured, and other people on it are able to sniff your activity and probe whether your device is secure or not.
How to Prevent
Tales from the Tech Bench: Cryptolocker
Earlier this week a customer brought a computer to the repair shop saying they were unable to access files and that everything else on the computer worked fine.
Our techs fired it up and found the computer had been hijacked by a program called Cryptolocker, which takes all of your files/documents and encrypts them. Then, when you go to open them, it directs you to pay a ransom for the key to decrypt them.
The latest version of this MALWARE also deletes all the unencrypted versions of the files, deletes any restore points, and deletes any shadow copies. This leaves very little recourse to recover the data outside of either paying the ransom ($1,000 in this case) or getting some professional IT help.
If this happens to you DO NOT give any payment information to 'decrypt' your files. They are criminals and will not keep your information secure.
Our technicians were able to restore most of the data for the customer, but not everything was retrievable. To combat this sort of MALWARE you should always have an offsite backup of your important files or folders; just having an external HDD plugged into your machine wouldn't have helped in this case. Also, be very careful when downloading programs online. If you are downloading something from Google, like Chrome for instance, the URL should read something.google.com.
You can see in the image above that the three good Google results for 'Get Firefox' are legitimate because they contain the correct domain name between the www. and the .com. This is very important to verify before downloading anything. The bad link is pretty obvious here because it resolves to a different domain altogether.
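The "correct domain name between the www. and the .com" check above is easy to do by eye for an obvious mismatch, but harder against links built to look right. The following is an added example (not code from the original post) that makes the same check mechanically: it pulls the hostname out of a link, keeps only its registrable domain, and compares that against an allow-list. The allow-list (`TRUSTED_DOMAINS`), the helper names and the sample links are all constructed for illustration; the example goes a little beyond the post by also covering a trusted name hidden as a subdomain, a `user@host` trick, and non-ASCII lookalike hostnames.

```python
"""Check whether a download link really belongs to the vendor you expect.

Added example, not code from the original post. The allow-list below is a
constructed assumption standing in for whichever vendors you trust.
"""
from typing import Optional
from urllib.parse import urlsplit

# Hypothetical allow-list of registrable domains we expect software from.
TRUSTED_DOMAINS = {"google.com", "mozilla.org"}


def _hostname(url: str) -> str:
    """Extract just the hostname: no scheme, userinfo, port, path or query."""
    if "://" not in url:
        url = "http://" + url            # urlsplit needs a scheme to find the host
    host = urlsplit(url).hostname or ""  # 'user@host:port' -> 'host', lowercased
    return host.rstrip(".")              # 'google.com.' is the same zone as 'google.com'


def registrable_domain(url: str) -> Optional[str]:
    """Return the last two labels of the URL's hostname, e.g. 'google.com'.

    Simplification: the registrable domain is taken to be the final two
    labels, which is right for .com/.org but not for suffixes like .co.uk;
    a public-suffix list would be needed to handle those correctly.
    """
    labels = _hostname(url).split(".")
    if len(labels) < 2 or not all(labels):
        return None
    return ".".join(labels[-2:])


def check_download_url(url: str) -> dict:
    """Classify a link as trusted or not, with the reason, for display to a user."""
    host = _hostname(url)
    domain = registrable_domain(url)
    if domain is None:
        return {"url": url, "domain": None, "trusted": False,
                "reason": "no usable hostname"}
    if not host.isascii():
        # Unicode letters that look like ASCII ones (e.g. Greek omicron for 'o')
        # produce a hostname that is not the one the user thinks it is.
        return {"url": url, "domain": domain, "trusted": False,
                "reason": "non-ASCII hostname (possible lookalike characters)"}
    if domain in TRUSTED_DOMAINS:
        return {"url": url, "domain": domain, "trusted": True,
                "reason": "hostname ends in trusted domain " + domain}
    return {"url": url, "domain": domain, "trusted": False,
            "reason": "hostname actually ends in " + domain}


if __name__ == "__main__":
    # Constructed sample links of the kinds a 'Get Chrome' search might surface.
    samples = [
        "https://www.google.com/chrome/",
        "dl.google.com/chrome/install.exe",
        "https://www.mozilla.org/firefox/new/",
        "http://www.google.com.free-downloads.example/chrome",  # trusted name as a subdomain
        "http://google.com-downloads.example/chrome",           # trusted name inside a label
        "http://www.google.com@evil.example/chrome",            # 'www.google.com' is userinfo
        "http://secure-google.com/chrome",                      # similar but different domain
        "https://www.g\u03bfogle.com/chrome/",                  # Greek omicron instead of 'o'
    ]
    for s in samples:
        r = check_download_url(s)
        print("OK     " if r["trusted"] else "SUSPECT", r["reason"], "-", s)
```

The point of keeping only the last two labels is that anything to the left of them is under the control of whoever owns the domain on the right: `www.google.com.free-downloads.example` belongs to `free-downloads.example`, not to Google, no matter how familiar the left-hand part looks.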