In the last several months we have seen an enormous surge of cases involving various Ransomware viruses on our clients’ computers.  I thought this would be a good time to write a little about the most serious variant of Ransomware.  Ransomware is a type of malicious software (malware) that infects a computer and restricts access to it until a ransom is paid to unlock it.  The authors of ransomware instill fear and panic in their victims with messages similar to those below, causing them to click on a link or pay a ransom, and inevitably become infected with additional malware:

  • “Your computer has been infected with a virus. Click here to resolve the issue.”
  • “Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.”
  • “All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data.”

I have written about the first two in a previous blog that can be viewed here.  This time I want to talk a little about the third message.  When you get this message, it means that you have the most serious of the variants of Ransomware.  This particular version actually encrypts all of your files so that you can no longer access them.

There are several versions of this variant, such as CryptoLocker, Xorist, CryptorBit, CryptoDefense, and CryptoWall, just to name a few.  Ransomware can get on your PC from nearly any source that any other malware (including viruses) can come from. This includes:

  • Visiting unsafe, suspicious, or fake websites.
  • Opening emails and email attachments from people you don’t know, or that you weren’t expecting.
  • Clicking on malicious or bad links in emails, in Facebook, Twitter, and other social media posts, and in instant messenger chats, like Skype.

It can be very difficult to restore your PC after a ransomware attack – especially if it’s infected by encryption ransomware. That’s why the best solution to ransomware is to be safe on the Internet and with emails and online chat:

  • Don’t click on a link on a webpage, in an email, or in a chat message unless you absolutely trust the page or sender.
  • If you’re ever unsure – don’t click it!
  • Often fake emails and webpages have bad spelling, or just look unusual. Look out for strange spellings of company names (like “PayePal” instead of “PayPal”) or unusual spaces, symbols, or punctuation (like “iTunesCustomer Service” instead of “iTunes Customer Service”).
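The two warning signs in the last bullet, a near-miss spelling and unusual spacing or punctuation, can also be checked mechanically, for example by a mail filter. The following Python is an added example, not part of the original post; the list of known names, the function names, and the two-typo threshold are assumptions chosen for illustration.

```python
import re

# Assumed list of names to protect (constructed for this example).
KNOWN_NAMES = ["PayPal", "iTunes Customer Service"]

def squash(name):
    """Lower-case the name and keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def edit_distance(a, b):
    """Levenshtein distance between two strings, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop a character
                           cur[j - 1] + 1,             # add a character
                           prev[j - 1] + (ca != cb)))  # swap a character
        prev = cur
    return prev[-1]

def check_name(seen, known=KNOWN_NAMES, max_typos=2):
    """Classify a displayed company name against the known list.

    Returns (verdict, matched_name); verdict is 'exact',
    'odd-formatting', 'misspelling' or 'unknown'.
    """
    for name in known:
        if seen.strip() == name:
            return ("exact", name)
    for name in known:
        # Same letters, but spacing, symbols, punctuation or case differ.
        if squash(seen) == squash(name):
            return ("odd-formatting", name)
    for name in known:
        # A few typos away from a known name. Short names can produce
        # false positives, so treat this as a warning, not proof.
        if 0 < edit_distance(squash(seen), squash(name)) <= max_typos:
            return ("misspelling", name)
    return ("unknown", None)

if __name__ == "__main__":
    for sample in ["PayPal", "PayePal", "iTunesCustomer Service"]:
        print(sample, "->", check_name(sample))
```
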

Below are some example screenshots of Ransomware:

[Screenshots: Ransom1, Ransom2, Ransom3]

If you think you may be infected by a version of the Crypto Ransomware virus, the first thing you need to do is shut down your computer.  The longer the computer runs, the more files it will encrypt, and there is currently no known way to break 256-bit encryption.  This doesn’t mean that all of your files are lost.  If you power down your computer fast enough and then contact a reputable computer repair service (like Kelly Computers), there is a chance that we can recover some or maybe even all of your files.  All versions of Windows starting with Windows Vista create Shadow Copies of your entire hard drive by default.  The only problem is that you need special software in order to recover files from those Shadow Copies.  Also, the longer the computer runs, the greater the chance that the Shadow Copies will be corrupted or erased by the virus.  This is definitely a case where time is of the essence.

Just remember, if you even suspect that your computer may have an infection, please power down immediately and call us.