Ransomware is still out there

What is Ransomware?

It is a piece of malware that gets installed on your computer – usually without you knowing about it.  Once installed, it works to “encrypt” all your files.  You will not be able to open any of your files from this point on.  Your pictures, documents, etc. will all have a different file extension.  The attackers then hold your files for ransom until you pay a fee.  Many large, notable companies have fallen victim and paid the ransom.

Encrypted files

In the example above, a photo would normally have a .jpg file extension; notice that all the .jpg extensions have been turned into .crypt extensions.  Now you cannot open these files.

 

Where do you get it?

The most common deployment of ransomware is through email attachments; however, it is not limited to them.  The examples that I have seen have come into the computer as an email.  The individuals received an email from a phony “FedEx” and one from a phony “The Cancer Society”.  Once the email was opened, there was an MS Word document attached.  The Word document had a script in it that was the infection.

I am infected!

If you get infected with ransomware, you will see a page telling you that your data has been encrypted and what they want in order to fix it.  Sometimes they falsely pose as the government or police services, indicating that you broke the law and that the fee is a fine.

Ransomware example screen – posing as the department of justice

The message can be a nice, official-looking page or just simple text.  Either way, they ask for money – usually in bitcoins (which cannot be tracked) – in order to provide you with the key to decrypt the data.

Faced with this situation, what are my options?

I personally feel very strongly about this matter.  I do not and will not pay a ransom.  Paying encourages them to continue this crime.

Your options are:

Pay: You pay to be decrypted, knowing that they might take your money and run, leaving you with your files still encrypted.

System Restore: Sometimes a system restore will bring back your computer enough to recover your files, but a reinstall is necessary after your files are recovered.

Decryption tools: Some ransomware has been broken by security companies, and if you have one of the versions that has been broken you can use a tool to decrypt your files.  Here is a list of tools available: Tools

Reinstall: I would highly recommend a reinstall of your operating system after this attack regardless of your chosen solution.

Ransomware Prevention

Protect yourself!

 Create a backup of your important files! 

The first thing to do is get your backups in order.  If your computer were to be infected, we could just reinstall your operating system if you had a working backup.  So don’t pay the ransom!  Use your backup!  It is a cost-free solution that protects us not only from ransomware but from hardware failure as well.  * Keep your backup drive unplugged after the backup (ransomware will encrypt all drives attached to your computer).

The Dropbox/Google Drive/OneDrive/etc. applications should not be turned on by default.  Only open them once a day, to sync your data, and close them once this is done.

Don’t Enable Macros

Microsoft Office documents have “Macro” abilities: little programs within the programs that help with productivity.  However, these can be used to create the ransomware as well.  Please make sure the macro feature is disabled in your Office programs.  Here is some help with that.

Careful with your Email

Be careful when you have an email with an attachment.  Never open spam messages or their attachments.  Big companies usually send attachments in PDF form, not Word.  Be suspicious.  Verify what extension your attachment has before you click on it!

Never click the links in a spam email message.
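The attachment checks from this section and the macro section above can be done by a script before anyone opens the file. The following is an added example, not part of the original post; the extension lists, function names and sample files are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePath

# Assumed lists for illustration; tune them to your own mail policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".jar"}
MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm"}
DOCUMENT_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt"}
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container

def triage_attachment(filename, data):
    """Return a list of reasons to treat an attachment with suspicion."""
    reasons = []
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    ext = suffixes[-1] if suffixes else ""

    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable or script extension {ext}")
    # Names like "invoice.pdf.exe" hide the real type behind a harmless one.
    if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTS and ext in EXECUTABLE_EXTS:
        reasons.append("double extension hides the real file type")
    if ext in MACRO_EXTS:
        reasons.append("macro-enabled Office format")

    # Modern Office files are ZIP archives; a VBA project is stored as
    # vbaProject.bin, whatever extension the file name claims.
    if data[:2] == b"PK":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    reasons.append("contains a VBA macro project")
        except zipfile.BadZipFile:
            reasons.append("claims to be a ZIP/Office file but is corrupt")
    elif data[:8] == OLE_MAGIC:
        # Legacy binary format: macros cannot be ruled out without a full parser.
        reasons.append("legacy Office binary format, may carry macros")
    return reasons

def make_sample_docx(with_macro):
    """Build a constructed, minimal Office-like ZIP for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_attachment("FedEx_label.docx", make_sample_docx(True)))
```

An empty list means none of these checks fired; it does not mean the attachment is safe.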

Updates

Make sure your operating system and your software are up to date.  Any vulnerabilities that the company knows about will be fixed with an update.

Internet Browsers

Run them clean.  Don’t run plugins.  Disable any plugin that you can.  Set the plugins to ask before they activate.

The exception is AdBlocker – in Google Chrome you can use this extension to help protect you against malicious ads.

Software Protection

When you have a large office full of computers and many individuals to deal with, you may need some software protection, as you can’t watch out for everyone.

Conclusion

Bottom line – BACK YOUR DATA UP!

More information on Backing up can be found here.

As always, call me if you need help!

 

 

 

 

 
