Dwight Watt - Newspaper Article #223 10/23/2013

Question: What is ransomware?


Ransomware is a class of programs that demand you pay money either to stop them from damaging your machine or to get the codes to repair your computer. Ransomware fits in the broader category of spyware, and many people put it in the overall area of viruses.

The FBI virus is a ransomware program that has been around a few years. It pops up with an official-looking screen appearing to be from the FBI or the Department of Justice and says that you have been observed watching child pornography. It says no charges will be filed against you if you will just wire $300 to a specific location immediately. The screen pops up constantly and does not let you close it and work on other stuff. However, starting in Safe Mode and running anti-virus and anti-spyware programs will remove it, and things are ok. I have heard that a number of people have sent it money. Use some logical sense. If the US government had observed you with child pornography, would they let you get off with just sending them $300? NO.

A new and very destructive ransomware has appeared. It is a trojan virus called CryptoLocker. When the program installs itself on your computer it pops up a screen telling you that you need to pay $300 (it may be a different amount, but apparently it is typically $300) within a short amount of time to get it removed and to fix your machine. In addition, the program is running in the background and is encrypting (scrambling the contents into unreadable characters) all your data files. The program sends the encryption key to a server somewhere on the Internet. Now all of your data files are no longer accessible without that key that was sent to the server and a key it has left on your machine. Both keys are needed to decrypt the files.

The program apparently destroys the key on that server after a random time period, and at that point your files are effectively gone. There is no way to decrypt them. Sending them the money may or may not get you the key to fix your PC, and it puts you on the list of easy targets. The only ways to get the files back are if you have a good backup that is not connected to the machine (a disk drive that is disconnected or a USB thumb drive that is not plugged in) or, sometimes, System Restore may be able to get older copies of the files (right click on a file in Computer (Explorer) and choose Previous Versions) if shadow copies were made. Doing your backups to optical media like CD or DVD would protect the backups.
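The two points above, that encrypted files are unreadable scrambled bytes and that the only reliable recovery is a backup kept off the machine, can be checked from the defender's side with a small script. The following is an added example, not code from the column or from any product it names. It records a manifest of file hashes (the kind of record you would keep alongside an offline backup), then compares the live files against it and flags changed files whose contents now look like ciphertext, using byte entropy as the signal. The 7.5 bits-per-byte threshold, the 50% alarm ratio, the file names and the stand-in "ciphertext" are all constructed for the demonstration.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

# Entropy in bits per byte: ordinary documents sit well below this, while
# encrypted (or compressed) data approaches 8.0. Threshold is an assumption.
HIGH_ENTROPY_BITS = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def build_manifest(root: str) -> dict:
    """Record the SHA-256 of every regular file under root, keyed by relative path.
    Keep this manifest with the offline backup so the ransomware cannot alter it."""
    manifest = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def check_against_manifest(root: str, manifest: dict) -> dict:
    """Compare the live files with a trusted manifest.

    Returns three lists:
      changed - files whose hash no longer matches the manifest
      suspect - changed files whose content now looks encrypted (high entropy)
      missing - manifest entries that no longer exist on disk
    """
    report = {"changed": [], "suspect": [], "missing": []}
    for rel, expected in manifest.items():
        path = Path(root) / rel
        if not path.is_file():
            report["missing"].append(rel)
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() != expected:
            report["changed"].append(rel)
            if shannon_entropy(data) >= HIGH_ENTROPY_BITS:
                report["suspect"].append(rel)
    return report


def looks_like_mass_encryption(report: dict, manifest: dict, ratio: float = 0.5) -> bool:
    """Crude alarm: more than `ratio` of the tracked files changed AND look encrypted.
    A single edited document will not trip it; a bulk rewrite of the tree will."""
    if not manifest:
        return False
    return len(report["suspect"]) / len(manifest) > ratio


def run_demo() -> dict:
    """Constructed scenario: four small documents, a manifest taken while they are
    intact, then three overwritten with ciphertext-like bytes and one edited normally."""
    with tempfile.TemporaryDirectory() as root:
        docs = Path(root) / "Documents"
        docs.mkdir()
        plain = b"The quick brown fox jumps over the lazy dog.\n" * 50
        names = ["budget.txt", "letter.txt", "notes.txt", "recipes.txt"]
        for name in names:
            (docs / name).write_bytes(plain)
        manifest = build_manifest(root)  # what the offline backup record would hold

        # Constructed stand-in for ciphertext: every byte value equally common,
        # which gives exactly 8.0 bits per byte. No real encryption is performed.
        fake_ciphertext = bytes(range(256)) * 16
        for name in names[:3]:
            (docs / name).write_bytes(fake_ciphertext)
        (docs / "recipes.txt").write_bytes(plain + b"Added a line.\n")  # a normal edit

        report = check_against_manifest(root, manifest)
        return {"manifest": manifest, "report": report,
                "alarm": looks_like_mass_encryption(report, manifest)}


if __name__ == "__main__":
    result = run_demo()
    print("changed:", result["report"]["changed"])
    print("look encrypted:", result["report"]["suspect"])
    print("mass-encryption alarm:", result["alarm"])
```

Run against a real folder, `build_manifest` would be taken at backup time and `check_against_manifest` later; the entropy check separates ordinary edits (the recipe file is changed but not suspect) from wholesale scrambling. A hash manifest also answers the question the column raises about backups: if the backup copy hashes match the manifest, the backup is intact and was taken before the encryption.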

It appears that the CryptoLocker virus is distributed to computers through links in emails that appear to be from UPS and FedEx, claiming they have a package for you and that you need to click on the link to get more information (the link is sometimes the virus itself as an exe file, and sometimes the page it opens has the virus on it). If you get emails saying they are from places you are not expecting and they have links for you to click, DO NOT CLICK THEM.

The CryptoLocker virus is similar to a computer virus back in the early 1990s that was called the AIDS virus; the guy who wrote it was caught and transferred to several countries but never tried. I would think the government can trace down (if not already done) the perpetrators of this, but the problem will be prosecuting them, as they are probably in a third world country. It also works similarly to the ILoveYou virus from the late 1990s that wiped out people's pictures on their computers. I had a friend who lost all his data files this week to this virus.

Make sure you are backing up your files regularly and have an anti-virus program (current version, definitions updated regularly) and an anti-spyware program (current version, definitions updated regularly) on your computer. Be careful about clicking on links in emails. This is irritating, as many of us send others links to pictures we have taken and stored at Shutterfly, Flickr, etc. If in doubt, send a separate message (not a reply, but one addressed to the supposed sender picked from your address book) asking them whether they sent it, or simply do not click the link.