Wednesday, July 3, 2013

How to Beat Ransomware Crooks

For no identifiable reason, other than it's an easy and effective way of making money, 2013 has seen a huge surge in ransomware -- the malicious programs that seize control of your computer and then demand payment to unfreeze it. Its simplicity and the alarming implications of not being able to get at the valuable data in your computer triggers a panic reaction that still works extremely well for the crooks.

Although there are no overall official figures, in one instance alone, 700,000 machines in Spain were hijacked, so it's likely that tens of millions have been targeted worldwide. And in another incident, one gang was estimated to have netted $5 million from a single extortion racket.


How Ransomware Works

You're happily working away or surfing when a warning pops up on your machine. The most common current one claims to be from the FBI, the Department of Justice or other law enforcement agency, saying your machine has been locked because of illegal activity. Usually, it suggests you've been downloading "adult" images and, in recent instances, it even flashes up supposed examples of what it claims you've been viewing.

Or it may suggest you've violated copyright laws by downloading pirated videos or music. The ransomware may even activate your webcam, showing your image and implying that you're being watched. The warning says you've been fined -- usually $200 -- and tells you to send a money-wire for the charges to be dropped and for a password to unlock your machine.

In other cases, the warning simply says you have a virus on your machine and that, for safety's sake, it has been locked.  In this case, paying a "fee" is supposed to enable a piece of software to clean up your PC and then get it going again.

But there are many other variations. The bottom line is that if the machine freezes and you're asked to pay to unlock it, you've been hijacked. No legitimate software or law enforcement agency works this way.


How to Avoid or Deal with Ransomware

The most obvious way of beating the ransomware crooks is by avoiding getting the malware on your PC in the first place. Here's our 10-point defense formula.

1. Using reputable anti-virus software and keeping it up to date will stop it dead in its tracks in most cases.

2. Don't click on links and attachments that come from people you don't know.

3. Even if you do know the sender, be wary about clicking.

Is the wording of the message unusual, vague or impersonal? Is the subject line or message text dramatic or does it claim to be a bill or receipt of some sort?  These are red flags.

4. Don't visit dubious websites, including "adult" sites or any flagged up by your Internet security software as being questionable. That's where the malware most often lurks.

5. Keep your data (documents, photos etc.) on a separate disc or partition from your operating system (e.g. Windows), so that if your system is hijacked your data will remain intact no matter what you have to do next to get back in business.

6. Back up both your system and your data regularly -- at least daily for your data and weekly for your operating system.

7. Create an emergency boot disk or USB drive that will allow you to restart your PC if the machine has been hijacked.

How you do that depends on your operating system and is beyond the scope of this article, but most operating systems and backup software will enable you to do that. You'll need to check your software documentation or search on-line for information on how to do it.


If You're Hijacked...

If you get a ransomware message, switch off your machine. If your computer won't let you, hold down the power button until it goes off.

8. If you know how to do it, restart your machine and go to "safe" mode, and then try to use system restore or system refresh to turn back your machine to an earlier date.

From safe mode, you might also be able to download a ransomware removal tool (search online for it) and use that. But be very careful it's not more malware! Or use someone else's machine to search for and download a ransomware removal program onto a flash drive that you can boot from. Check your computer documentation on how to start your machine from an external device.

9. If these options are not available, use your emergency boot disk (Point #7) to restart your machine (again, you'll need to check your documentation on how to do this), and reinstate your system backup.

10. If that doesn't work, you may need to reinstall your operating system and rebuild your setup. But if you've followed our earlier advice, all your data will be unaffected and intact.

If all of this is too tough for you, get professional help. Above all, don't pay the ransom or provide any personal information! There's no guarantee the crook or the software will provide the password to unlock it. Even if it does, it won't remove the ransomware from your PC; it could easily spring to life again.

Based on an article from scambusters.com