Dwight Watt - Watt Thoughts #279 10/18/2013

#279 - What is ransomware? (Watt Thoughts)

Ransomware is a type of program that demands you pay money either to stop it from damaging your machine or to get codes to repair your computer. Ransomware fits in the broader category of spyware, and many people put it in the overall area of viruses.

The FBI virus is a ransomware program that has been around for a few years. It pops up an official-looking screen that appears to be from the FBI or the Department of Justice and says that you have been observed watching child pornography. It says no charges will be filed against you if you will just wire $300 to a specific location immediately. The screen pops up constantly and does not let you close it and work on other things. However, starting in Safe Mode and running anti-virus and anti-spyware programs will remove it, and things are OK. I have heard that a number of people have sent it money. Use some logical sense. If the US government had observed you with child pornography, would they let you get off with just sending them $300? NO.

There is a new ransomware that has appeared that is very destructive. It is a trojan virus called CryptoLocker. When the program installs itself on your computer, it pops up a screen telling you that you need to pay $300 (it may be a different amount, but apparently it is typically $300) within a short amount of time to get it removed and to fix your computer. In addition, the program is running in the background and encrypting (changing all the information to different characters) all your data files. The program sends the encryption code to a server somewhere on the Internet. Now all of your data files are no longer accessible without that key that was sent to a server and a key it has left on your machine. Both keys are needed to decrypt the files.

The program apparently destroys the key on that server after a random time period, and at that point your files are effectively gone. There is no way to decrypt them. Sending them the money may or may not get you the key to fix your PC, and it puts you on the list of easy targets. The only ways to get the files back are if you have a good backup that is not connected to the machine (a disk drive that is disconnected or a USB thumb drive that is not plugged in) or, sometimes, System Restore may be able to get older copies of the files (right-click on a file in Computer (Explorer) and choose Previous Versions) if shadow copies were made. Doing your backups to optical media like CD or DVD would protect the backups.

It appears that the CryptoLocker virus is distributed to computers by a link in emails that appear to be from UPS and FedEx. The emails claim they have a package for you and that you need to click on the link to get more information (the link is sometimes the virus as an exe file, and sometimes the page it opens has the virus on it). If you get emails saying they are from places you are not expecting and they have links for you to click in them, DO NOT CLICK THEM.
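The delivery pattern described above, as an added example that is not part of the original article: a Python triage of one message that flags links pointing at an executable download and links whose host does not match the shipper named in the From line. The brand-to-domain table, the extension list and the sample message are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed for illustration: shippers the article names and their real domains.
BRAND_DOMAINS = {"ups": ("ups.com",), "fedex": ("fedex.com",)}
RISKY_EXT = (".exe", ".scr")  # the article mentions exe; .scr is an added assumption

# Constructed sample message, not a real capture.
SAMPLE = """\
From: "UPS Delivery" <notice@parcel-tracking.example>
Subject: Your package could not be delivered
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>We have a package for you.
<a href="http://parcel-tracking.example/label/invoice.exe">More information</a></p>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []  # href of every <a> tag seen

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def triage(raw_message):
    """Return (reason, url) findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = str(msg.get("From", "")).lower()
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    findings = []
    for href in collector.links:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        if url.path.lower().endswith(RISKY_EXT):
            findings.append(("executable-download", href))
        for brand, domains in BRAND_DOMAINS.items():
            genuine = any(host == d or host.endswith("." + d) for d in domains)
            if re.search(rf"\b{brand}\b", sender) and not genuine:
                findings.append((f"brand-mismatch:{brand}", href))
    return findings

print(triage(SAMPLE))
```

Only HTML bodies are inspected; a plain-text message returns no findings, so a mail filter would need a separate URL scan for those.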

The CryptoLocker virus is similar to a computer virus back in the early 1990s that was called the AIDS virus; the guy who wrote it was caught and transferred to several countries but never tried. I would think the government can trace down (if not already done) the perpetrators of this, but the problem will be prosecuting them, as they are probably in a third world country. It also works similarly to the ILoveYou virus from the late 1990s that wiped out people's pictures on computers. I had a friend who lost all his data files this week to this virus.

Make sure you are backing up your files regularly and have an anti-virus program (current version and definitions updated regularly) and an anti-spyware program (current version and definitions updated regularly) on your computer. Be careful about clicking on links in emails. This is irritating, as many of us send others links to pictures we have taken and stored at Shutterfly, Flickr, etc. If in doubt, send a separate message (not doing a reply, but choosing the address of the supposed sender from your address book) and ask them, or do not click the link.



This is a little article I am doing across the Internet of my personal opinions. This reflects my personal thoughts. I try to write several times a month on a variety of subjects. It may be religious at times, political at times, and at other times just my reactions on something happening out there. It will often be like an op-ed article. If I do what I intend, you will at times want to shout I agree, other times you will want to say Dwight has really lost it now, but most importantly I want to challenge you to think. Feel free to forward this to others. If you don't want to get this e-mail let me know. Feel free to use what you read from me, but I request you give me credit and send a tear sheet if published in a newspaper or magazine. Thanks.

If you would like to receive it and you are not on my mailing list, you can subscribe at www.yahoogroups.com or send me an e-mail requesting a subscription. You can find past issues on my home page at http://dwight-watt.home.att.net/articles/articles.html

(c) 2013 by Dwight Watt