Ransomware is the newest form of malware that’s hitting computers, tablets and phones. Instead of maliciously deleting your data or taking over your computer to use in a botnet, it holds your files or your device hostage until you pay: it’s nothing more than extortion. So what is it, and what can you do about it?
The best-known ransomware is CryptoLocker. It was released in September 2013 and targets all versions of Windows. When it infects a computer, it encrypts your files – photos, documents, videos, etc. – so you can’t access them. You then have to pay a ransom, typically around $300, to unlock your files. If you don’t pay, the price goes up, and then eventually your files are deleted. Security experts estimate that so far, the hackers have extorted over $27m from their victims.
Following the release of CryptoLocker, other similar viruses have started spreading. CryptoDefense, released in February 2014, also targets Windows computers. Other ransomware includes Kovter, which locks you out of your computer until you pay, often claiming to be an official government lock.
And last week, iPhone, iPad and Mac users in Australia found themselves victims of a ransomware attack launched by “Oleg Pliss”. This latest variant uses the Find My iPhone or Find My Mac locking system to lock users out of their devices unless they pay up to $100.
How do you get infected?
CryptoLocker and others spread via the same routes as most viruses: typically as an attachment in an email, or as a tempting link on a Web site. They rely on gullible and naive users. We can’t stress this enough – don’t click on links unless you’re sure they’re from a reputable source. If you weren’t expecting an email from your bank, from FedEx, or from the IRS, it’s probably a fake. Free money, a better love life, naked celebrities… if it seems too good to be true, it’s probably a scam.
The Apple attack is still a little mystifying. Apple are investigating, but the likelihood is that the hackers simply used names and passwords stolen from elsewhere to guess people’s Apple IDs. With massive data breaches recently from eBay, Adobe, Target and Sony, there’s a lot of information available to hackers. If you’re using the same username and password on many different sites, you’re leaving yourself open. It’s like having the same key for your home, your office and your car – a thief only needs one key to access everything you possess.
What should you do?
When you’re hit by ransomware, there are two things you have to do.
First, get rid of the virus. In most cases, a standard anti-virus tool will do that. However, there’s a catch. Some ransomware will delete your files if it detects you trying to get rid of the virus. We recommend checking with a security expert first.
If you’re locked out of your computer completely, getting rid of the virus can be tricky. You may be able to use the System Restore tool to get rid of everything. If you’re not sure how to do that, then take your computer to someone who is. It can be a complicated procedure.
Then you need to get your data back. Decryption is next to impossible. You can pay, but there is no guarantee that the criminals will release your files. You’re probably just wasting your money. The best solution is to restore from a backup. Before you do so, check your files carefully and scan them for viruses – the last thing you want to do is to reinfect your computer.
So, in summary:
- Install an anti-virus tool and keep it updated – we recommend a managed antivirus product
- Make sure you keep a regular off-site backup – we recommend Carbonite
- Don’t use the same password on many different sites
- If you had accounts on any of the big sites that were hacked, change your login details everywhere
- If in doubt, bring your computer to an expert – we’re here for you, 24/7!