Dwight Watt Newspaper Article #351
Ransom ware is a really bad version of malware. Malware is any type software that does damage to your computer or data.
Ransom ware is a variety of programs that when installed on your computer will proceed to encrypt all your data on your computer and give you a notice that it has done it and either demand payment within a few days in bit coins (an Internet currency) or with a cash card like GreenDot.
The software says if you send the money as directed that they will give you the key to decrypt your hard drive and free your data. In all likelihood if you pay them you will never hear from them or get the code. By using bit coin and GreenDot cards they are making the trail to where money goes hard to follow and they are probably in a poor country in another part of the world where getting law enforcement help is doubtful. The FBI recommends paying the ransom but I do not. I was surprised when they told me this at a cyber security conference in October.
If you get ransom ware immediately remove all external drives (hard and flash/ thumb) to hopefully stop it before they are hit. Also disconnect immediately from the network so you do not spread in your network.
Then decide if you want to risk paying them. If you will do not do anything to try to fix or you will probably remove the other key needed and even if they gave you key it is not fixable. I do not suggest paying the ransom. If you are not going to try that then make sure your anti-virus and antispyware are up to date. If they need updating or installing you will probably need to reconnect to the Internet. Remove all other devices from your connection first. The programs I like the best currently are Avast and Superantispyware. Norton and AVG and others also do a good job. I see too many things slide by McAfee and Microsoft Security Elements to suggest them. Restart your PC in Safe Mode and run full scans. Avast has a boot scan I strongly suggest running. They will clean your machines but if the data files were really encrypted they will not recover them. If you have a backup of the data and picture files you will probably be ok.
The most common way I have seen people get ransom ware is clicking links in emails that did not come from where claimed. The two types of messages that were at fault in cases I have seen included emails about getting packages and emails says your accounts (email, bank, etc) were bad and you needed to click and fix. If you are using a PC or laptop look at the bottom of your screen and see what the real url/address is before you click. If it does not match or does not match where claims from, says from regions Bank but URL when hovered over shows it is linking to www.urafool.com/regions donít click it. Regrettably on a phone using browser there you canít do this.
There are also fake ransom ware out there which claims that drive is encrypted when really is not and just did a browser capture giving you message. Most of the time I have seen it as a message claiming to be FBI and that you have child porn on PC and if you will pay $300 they will drop it. Doing the scan in safe mode mentioned above usually solves it.