For computer users, Ransomware can be among the most frightening forms of malware – suddenly, your screen is replaced by a message from the police, demanding money, or a message saying your files are lost unless you pay a ransom to unlock them.
It’s a booming business – last year it was reported reported that gangs could earn up to $50,000 per day from such malware. This year, the Home Campaign continued to deliver ransomware via infected websites, with up to 40,000 domains infected at one point, according to ESET research.
One particular form of ransomware, filecoders, extort money by encrypting a user’s files and demanding sums to access them. ESET has noted a significant increase in Filecoder activity over the past few months.
Below are some tips that can help – even if you’ve already fallen victim.
Don’t pay the money
No police force on Earth will lock your computer and demand money – the message is NOT from the FBI nor from An Garda Síochána. Do not pay the money! Contact a computer professional instead, if you can’t unlock it yourself. In some cases – especially filecoders – there may be nothing you can do, but an IT professional should be your first stop.
Don’t pirate software, music or movies
Pirate sites offering free music, games or films are often infested with malware – but this summer, cybercriminals are “gaming” Google searches to infect wannabe pirates with ransomware. Ordinary internet searches lead people to such sites – with cybercriminals using “black hat” SEO to push infected sites high up in Google results, and deliver Nymaim ransomware. When searching for downloadable content, especially illegal downloads, it is common to notice questionable websites in the search results. What is unusual in this case is to witness a malware downloaded right away when clicking on a Google result.
Don’t think that if you get past the lock screen, it’s “gone”
It is sometimes possible to get “past” the lock screen displayed by some forms of ransomware – but that doesn’t mean you’re safe. Your computer is probably still infected. Either invest in proper Antivirus software (ESET Ireland’s research shows a large percentage of Irish computer users still entrust their online security to free or even pirated Antivirus software) or contact an IT professional for help.
If you are backed up, you’re “immune” to filecoders
Filecoders rely on one thing – that you keep unique, precious files on your PC. Don’t. You don’t keep family heirlooms in your car – you keep them in a safe. Do the same with your data. If they have backups, than the malware is merely a nuisance, so the importance of doing regular backups is strongly reiterated.
There are, however, at least two “fortunate points” about this malware: It’s visible, not hidden, the user knows he’s infected – unlike many other malware types that could be stealing money/data silently (of course, that doesn’t mean that he’s not infected with something else together with the Filecoder!)
Try and rescue your files
Unless you have in-depth knowledge, you should contact an IT professional to help with Filecoders – and don’t get your hopes up, as many use strong encryption which is basically impossible to break. In some cases, when the Filecoder uses a weak cipher, or a faulty implementation, or stores the encryption password somewhere to be recovered, it may be possible to decrypt the files. Unfortunately, in most cases, the attackers have learned to avoid these mistakes and recovering the encrypted files without the encryption key is nearly impossible.
Learn what “backup” means – and choose the right solution for you
For home users, a simple way to start “backing up” – without delving into complex solutions – is to use cloud services such as Google Drive, Dropbox and Flickr to store documents, music, videos and photos. These services offer free versions, and can at least save some of the most personal files on your computer from being devoured by malware. ESET senior research fellow David Harley, writes, “What do you do if you’re a home or small business user, with no professional system administrator to explain/set you up with RAID, hot sites, replication, and all the other esoteric paraphernalia of disaster recovery? My friend and colleague Aryeh Goretsky’s paper Options for backing up your computer will help you understand the issues much better after reading it, without overdosing on jargon.”