Ransomware – Your money or your Files

To protect your computer, your identity, your privacy and your files, you’ve had to learn to defend against spam, scams, worms, Trojans, other malware, fake anti-virus schemes and bots.

Now there’s a new threat to protect against. Called ransomware, this malware takes over your computer and blocks you from accessing your computer or some of your files. Some ransomware encrypts your files, documents, pictures, etc., and so this malware type may also be called a cryptovirus, cryptotrojan or cryptoworm. In either form, users of infected devices are told to pay the ransom or lose their files and control of their computer.

Ransomware first surfaced in Eastern Europe in 2009, and it spread across Europe. Over the course of 2012, hundreds of thousands of people across the world have sat down at their computers and discovered a ransom message. Security experts say they’ve counted over 16 sophisticated criminal cyber-gangs extorting millions from victims across Europe.

Cybercriminals behind the ransomware attacks have now turned their attention to the U.S.

The ransom note may claim to be from the FBI or some other law enforcement agency and claim you’ve done something illegal on your machine (for example, claim you’ve downloaded images of child exploitation, participated in online gambling or visited piracy sites) and then demand payment – often called a ‘fine’ – in amounts varying from $100 to $400. Rest assured, no legitimate law enforcement agency operates this way.

In other ransomware cases the criminals claim to be from other organizations like the hacker group Anonymous. Regardless of whom the cybercriminals claim to be, the extortion is profitable.

According to an article in the New York Times, cybercriminals are making more than $5 million a year through this exploit. Security researchers estimate that about 3% of computer owners decide to pay the ransom, but this varies considerably by country. In some countries, the percentage of computer owners who pay is as high as 15%.

These gangs are smart. The NYT article says the “latest variants speak to victims through recorded audio messages that tell users that if they do not pay within 48 hours, they will face criminal charges. Some even show footage from a computer’s webcam to give the illusion that law enforcement is watching.” It adds that “the messages often demand that victims buy a preloaded debit card that can be purchased at a local drugstore — and enter the PIN. That way it’s impossible for victims to cancel the transaction once it becomes clear that criminals have no intention of unlocking their PC.”

Don’t pay the ransom! Few who pay ever regain control of their computer or have their files restored by the crooks. Instead, most infected users have to hire a computer security/technology company to manually remove the virus – and this usually means erasing everything on the computer hard drive, risking the loss of all their files, photos, etc.

While law enforcement and security companies are working to shut down these criminal gangs, the sheer scope of the problem combined with the need for interagency and cross-company coordination makes the task daunting, particularly as these criminals are sophisticated at covering their tracks and destroying digital evidence.

Highlighting the efforts of Charlie Hurel, an independent security researcher based in France, the NYT article outlined how he “was able to hack into one group’s computers to discover just how gullible their victims could be. On one day last month, the criminals’ accounting showed that they were able to infect 18,941 computers, 93 percent of all attempts. Of those who received a ransom message that day, 15 percent paid. In most cases, Mr. Hurel said, hackers demanded 100 euros, making their haul for one day’s work more than $400,000.”

Defend against ransomware

Ransomware is most frequently downloaded when users visit a malicious website, open a malicious email attachment, or click on a malicious link on a social networking site, website, or in an email or instant message. To protect yourself from ransomware, your best defenses are practicing the same 8 security measures you should always be applying when online:

  1. Ensure your computer and smartphone operating systems and software are always up to date by choosing their automatic update option.
  2. Always keep your devices protected with strong, reputable anti-malware and anti-virus software. Nearly 20% of computers in the U.S. still do not have security software installed, and they are not only at high risk for ransomware and other malware, they increase your risk of infection as well. If you know someone without security software installed, help them understand why these tools are vital to their computer health, the protection of their identity, and to their privacy.
  3. Never turn off your computer’s firewall – firewalls are turned on by default to protect users.
  4. Do not open attachments in email unless you know the sender AND expect an attachment from them. Keep in mind that the sender’s account may have been compromised and that criminals could be the ones sending malicious attachments that appear to be from your friend or family member.
  5. Use a website tester product whenever searching for websites. Free website scanners like Web of Trust (WOT) test millions of websites for viruses, malicious software, spyware, adware, phishing and other fake websites, scams, spam, sites that redirect you to other sites, adult material and more, then display the results next to your search engine results as color-coded icons or symbols to help you identify potentially risky sites before you click and become infected. All major browsers include free website scanners; in Internet Explorer it is called a SmartScreen Filter, in Firefox it’s called Phishing and Malware protection. Be sure you enable one of these services.
  6. Don’t click on ads. If you see something in an ad that interests you, take the extra 5 seconds and search for the item or website yourself by using a website scanner. This is the ONLY way to know if the content is safe. Keep in mind that even the most legitimate looking ads can be faked, and that malicious ads have snuck onto sites as reputable as the New York Times. Don’t let down your guard.
  7. Just because your friend put a link on their social networking page doesn’t make it safe to click. Criminals have all kinds of tricks up their sleeves – they may hijack and swap the destination of a link to direct it to a malware site, or put really entertaining content on a page that secretly downloads malware. Or, they may comment on friends’ pages using shortened URLs to hide where you’ll land. Always find the information you want by searching for it yourself.
  8. Back up your files. There is absolutely no reason to lose the information, photos, videos, music, documents, financials, etc., stored on your device. Whether your files are held hostage by cybercriminals, or your computer, laptop, tablet or phone is stolen, or your device’s hard drive simply dies, there is peace of mind knowing you have a backup copy of all your files. Whether you use Frontier Secure’s unlimited backup and sharing tools, an external hard drive, or another solution, backing up your content should be set up to occur automatically.

If you don’t know whether your computer is infected, or just wonder if you’ve got the latest software versions installed, you can quickly find out, and it won’t cost you a thing.

Use Frontier Secure’s PC HealthCheck tool, the company’s free online tool, and it will tell you if your computer is protected and help you fix possible security issues. It checks to see if your firewall, anti-virus, and anti-spyware software is turned on and up to date, whether your photographs, text documents, and other irreplaceable content are automatically backed up, and whether there are security updates available for the most widely used programs on your computer (such as the operating system, web browsers and media players).

If your computer does become infected with ransomware, and you do not know how to wipe your hard drive yourself, contact a computer professional to remove the malware from your computer.

Keep in mind that simply unblocking your computer is not the same as getting rid of the malware. Unless you completely clean your computer, the malware is almost guaranteed to remain on your device, where the criminals can steal personal information such as your user names, passwords and credit card numbers through embedded keystroke logging programs, use your computer as a bot in their botnet, send spam through your accounts, and so on.
