ransomware

Cybercriminals are always coming up with more and more ingenious ways of ripping people off online. One of the latest ones – and perhaps the most invasive and insidious – is ransomware. This is when malware – such as Cryptolocker – is downloaded and installed onto the victim’s computer, thereby locking the computer down and making the files on the hard drive inaccessible. The victim then gets a message on the screen telling them to pay a ransom – usually in Bitcoin – and in return they will supposedly get an license key to unlock their system and remove the ransomware.

If the victim refuses to pay up, they will lose their files permanently, or the hacker may even threaten to upload the files to the Internet. For a company with proprietary secrets to protect, this can be devastating, to the tune of $75 billion a year.

Ransomware is becoming a very serious problem, especially for companies, who are increasingly becoming prey to this threat. With business revenue, shareholders, and the company’s reputation to think about, management more or less pays up, rather than take the chance the hacker is bluffing.

But you should NEVER pay. For one thing, you don’t even know if the hacker will keep their word and give you the unlocking key. Second, you are showing them ransomware is effective and it encourages the criminals to keep on doing it.

There are certain things you can do to minimize the risk that ransomware will happen to you. It’s not foolproof, but it can help.

Don’t Click On Unknown Links & Suspicious Adverts

email attachment

There are many ways for ransomware to get onto your computer, but one thing is common in all cases – the user of the computer is the one that installs it (unwittingly of course).

Criminals are inventing ingenious ways of fooling people into installing ransomware. As the public is educated on one method, a new one comes along to take its place. The recent method is malicious Skype adverts. Victims are also fooled with email attachments and website links.

The moral of the story is basically to never click on anything you don’t know and trust. If you get an email attachment from someone you don’t know, delete it (no, there is no $50 billion from a Nigerian Prince). Google Chrome tells you when you are trying to get to a website which is potentially dangerous. Don’t ignore the advice!

Make Sure Your Operating System & All Programs Are Up-To-Date

windows-10-update

This is such a common sense one, but many people don’t even do it, as they see it as too much hassle. But if you fail to keep your operating system and programs updated and patched, you are pretty much opening the door and inviting people in.

Make sure Windows Update is automatically on by default. Check all of your installed programs on a regular basis to see if you get a notification for an updated version of the program. If a security vulnerability has been detected by the company, they will have brought out a patch you urgently need to install. Don’t hesitate!

Install Anti-Virus & Firewall Protection

avg

I’ve heard it said many times these days by so-called “security experts” that there is no need for anti-virus software anymore. All that is needed instead is “common sense”. Well, that to me is a very dangerous and reckless attitude to take, because if ransomware is heading for your computer, you are going to need extremely good anti-virus software to try and get it off your system.

Ones I would recommend would be AVG and Avast. Avast even has a section on their website dedicated to ransomware, with links to decryption tools (more on this later).

A good firewall is also good protection against suspicious threats trying to come into your network from the outside. Windows has its own built-in one but if you prefer something more robust, ZoneAlarm and Comodo are two good ones to consider.

Back Up ALL Your Files EVERY Day

backup

The one stick the hackers use to beat you with to get you to pay up, is the fact they control your critical files. But if you do daily backups of ALL your files, that hold may be somewhat weakened.

Be aware though that ransomware spreads through all mapped drives. So if you have a removable hard drive attached to the computer, and it has a drive letter assigned to it, the ransomware will jump on there too and encrypt everything on that connected drive.

So once you have done your backup for the day, immediately disconnect the removable hard drive from the computer.

It would also be a good idea for you to have a secondary backup in the cloud somewhere. A highly regarded encrypted option is Spideroak.

Un-Enable “Hide Extensions” On Your Windows PC

There are certain Windows file types you need to watch out for (such as VBS, SCR, and BAT), as they are typically the usual suspects for suspicious files. But the big green monster under the bed is most definitely .EXE files. When a virus arrives, it is normally in the guise of an EXE file, which is why email providers typically block EXE files from either being sent or received.

Make sure you have the “hide extensions” option un-enabled on your Windows PC. Why anybody would have it switched on is beyond me, but if you have, get it back off again!

Use a Decryption Tool To Try & Remove The Ransomware

Many decryption tools have made their way online, which claims to be able to remove the ransomware in question. Since I haven’t been a victim of ransomware (he says, heart beating fast and fingers crossed), I can’t test these decryption tools. But since one list is from the Avast anti-virus website, it does lend a lot of credibility to them.

The other list is from the NoMoreRansom website. Since they are less well-known, exercise extreme caution using these tools. But if your system is hopelessly compromised anyway, you may feel you have nothing to lose.

Be aware though that there is no guarantee whatsoever that these tools will work. In fact, they may make the problem even worse. But as I said, if you feel you have no other options, you might decide to take a chance.

Pull The Plug!

plug

If you do accidentally click on a ransomware link or install a ransomware program, disconnect the computer from the Internet immediately.

The program needs to “call home” first before your files can be encrypted, and if you can pull the Internet cable out fast enough, you can limit the damage to your computer. Apparently.

Use Windows System Restore To Roll Back To A Previous Version

system restore

Once you have pulled the plug, you need to get what ransomware code is on your computer off. Run your anti-virus and see what it can remove. Then if you are running a Windows PC, use System Restore to roll your computer back to a previous clean version.

If you don’t have System Restore on, you should. Turn it on!

If All Else Fails, Completely Wipe & Reformat Your Hard Drive

harddrive

If everything else fails, the final remaining option is to completely wipe and reformat your hard drive. If you don’t have a backup of your files, having to wipe the entire system will be devastating, and if you are running a business, having your computers down with a permanent loss of files will be crippling.

But it’s possible that this will be your one and only option. Or you may decide the hard drive is hopelessly compromised, and the only option is to completely replace it. That is a judgment call only you can make, not us.

But the over-riding message here is NEVER to pay the ransomware. It is human nature to panic, but then cooler heads have to prevail.

Mark O'Neill
Mark O'Neill
Freelance journalist and editor living in Würzburg, Germany. Former Managing Editor of makeuseof.com (2007-2013), and contributing writer for other sites such as PC World and Quiet Light Brokerage. Specializing in online security and privacy issues.