For no identifiable reason, other than it's an easy
and effective way of making money, 2013 has seen a huge surge in ransomware --
the malicious programs that seize control of your computer and then demand
payment to unfreeze it. Its simplicity and the alarming implications of not
being able to get at the valuable data in your computer trigger a panic
reaction that still works extremely well for the crooks.
Although there are no overall official figures, in
one instance alone, 700,000 machines in Spain
were hijacked, so it's likely that tens of millions have been targeted
worldwide. And in another incident, one gang was estimated to have netted $5
million from a single extortion racket.
How Ransomware Works
You're happily working away or surfing when a
warning pops up on your machine. The most common current one claims to be from
the FBI, the Department of Justice or another law enforcement agency, saying your
machine has been locked because of illegal activity. Usually, it suggests
you've been downloading "adult" images and, in recent instances, it
even flashes up supposed examples of what it claims you've been viewing.
Or it may suggest you've violated copyright laws by
downloading pirated videos or music. The ransomware may even activate your
webcam, showing your image and implying that you're being watched. The warning
says you've been fined -- usually $200 -- and tells you to send a money-wire
for the charges to be dropped and for a password to unlock your machine.
In other cases, the warning simply says you have a
virus on your machine and that, for safety's sake, it has been locked. In this case, paying a "fee" is
supposed to enable a piece of software to clean up your PC and then get it
going again.
But there are many other variations. The bottom
line is that if the machine freezes and you're asked to pay to unlock it,
you've been hijacked. No legitimate software or law enforcement agency works
this way.
How to Avoid or Deal with Ransomware
The most obvious way of beating the ransomware
crooks is by avoiding getting the malware on your PC in the first place. Here's
our 10-point defense formula.
1. Using reputable anti-virus software and keeping
it up to date will stop ransomware dead in its tracks in most cases.
2. Don't click on links and attachments that come
from people you don't know.
3. Even if you do know the sender, be wary about
clicking.
Is the wording of the message unusual, vague or
impersonal? Is the subject line or message text dramatic or does it claim to be
a bill or receipt of some sort? These
are red flags.
4. Don't visit dubious websites, including
"adult" sites or any flagged up by your Internet security software as
being questionable. That's where the malware most often lurks.
5. Keep your data (documents, photos etc.) on a
separate disc or partition from your operating system (e.g. Windows), so that
if your system is hijacked your data will remain intact no matter what you have
to do next to get back in business.
6. Back up both your system and your data regularly
-- at least daily for your data and weekly for your operating system.
7. Create an emergency boot disk or USB
drive that will allow you to restart your PC if the machine has been hijacked.
How you do that depends on your operating system
and is beyond the scope of this article, but most operating systems and backup
software will enable you to do that. You'll need to check your software
documentation or search online for information on how to do it.
If You're Hijacked...
If you get a ransomware message, switch off your
machine. If your computer won't let you, hold down the power
button until it goes off.
8. If you know how to do it, restart your machine
and go to "safe" mode, and then try to use system restore or system
refresh to turn back your machine to an earlier date.
From safe mode, you might also be able to download
a ransomware removal tool (search online for it) and use that. But be very
careful it's not more malware! Or use someone else's machine to search for and
download a ransomware removal program onto a flash drive that you can boot
from. Check your computer documentation on how to start your machine from an
external device.
9. If these options are not available, use your
emergency boot disk (Point #7) to restart your machine (again, you'll need to
check your documentation on how to do this), and reinstate your system backup.
10. If that doesn't work, you may need to reinstall
your operating system and rebuild your setup. But if you've followed our
earlier advice, all your data will be unaffected and intact.
If all of this is too tough for you, get
professional help. Above all, don't pay the ransom or provide any personal
information! There's no guarantee the crook or the software will provide the
password to unlock your machine. Even if it does, it won't remove the ransomware
from your PC; it could easily spring to life again.
Based on an article from scambusters.com