What is Ransomware?
Ransomware is defined as;
“a type of malicious software designed to block access to a computer system until a sum of money is paid.”
Basically, it is the horrific procedure of logging into your computer and being greeted with a red image which demands large sums of money in exchange for your data. They normally give you a time limit such as 24 hours to pay this money otherwise everything on your computer will be wiped.
When did it start?
The earliest version of the ransomware we know now is called Cryptolocker. It was first used at the end of 2013 with disastrous effect. Immediately the internet and tens of thousands of users were reporting the new virus locking down their hard drives with absolutely no warning and no advice on how to get their data back.
How do you get it?
Most of the time it is from visiting a website that contains these malicious scripts. These viruses can be hidden in a plethora of places including;
- A multimedia codec required to play a certain video or clip
- A free online malware scanning service
- A browser plugin or extension usually found in the toolbar
- Software shared in a peer-to-peer network
Upon clicking on this item, the ransomware will already start encrypting your files but you will be unable to see the effects until you restart your computer. After restarting you will be unable to access Windows unless you pay the required Ransom.
However, if you have the latest copy of Windows, Microsoft SmartScreen or Google Safe Browsing and up to data anti-virus software, the ransomware should not be able to get through to all your data.
How can I get rid of it?
Well, firstly it is strongly recommended you do not pay the ransom. This is because these people are working illegally and even when you have paid the money there is no guarantee that they will actually give you your data back. Also simply paying it reinforces the idea that it is profitable to steal data and people will continue to do it.
The solution is entirely based on what type of ransomware virus you have got. To find out which ransomware you have you need to find out which bit of malware (software which is specifically designed to disrupt or damage a computer system) has been infected on your computer. The main problem associated with ransomware is that people are creating more variations of ransomware quicker than professionals are able to stop them and find the solutions to the already present ransomware. So although many variations of ransomware are fixable, newer ones are sometimes currently impossible to fix.
Below are examples of certain variations of ransomware and how you could go about fixing them;
Scareware – this virus claims your computer has been locked by the FBI or a local police force (see picture below). This is one of the easiest viruses to remove and you can do this by simply CTRL + ALT + Delete > close /force quit on Macs on the browser that the virus has appeared on.
Lock-Screen Viruses- this is when the virus prevents you from entering Windows or running programs. This is one of the simpler viruses and can normally be fixed by a simple system restore. This does NOT affect your personal files, it simply returns the system files and programs to their original state of back up. To do this shut down your PC, turn it back on after a couple of minutes and as soon as you see anything on the screen press F8 on the keyboard repeatedly. This should bring up the Advanced Boot Options. Then click Repair your computer > your Windows account name> enter account details > System restore.
Master File Encryption– the ransomware which targets the Master File Encryption itself and individual files within it. To get these files back you need to use an undelete program such as EaseUS’s Undelete or Piriforms Recuva. However, if there are more than a few files that are encrypted getting IT help is strongly recommended.
Military Encryption– This is the sort of ransomware which encrypts files with military strength. This can be solved by downloading one of a series of more extreme anti-virus programs such as AVG and Emissoft.
Rokku– ransomware like Rokku individually encrypts each file with its own key. This makes it nearly impossible to get your files back and unfortunately means that the majority of people lose their files even if they pay the ransom.
To find out which ransomware is affecting your computer you can use Crypto Sheriff who will help identify the type of ransomware and provide a solution if there is one. All you have to do is upload 2 encrypted files and after Crypto Sherriff has defined it they will send you the link to download the decryption solution if there is one.
Is there nothing else I can do?
Yes! Well, this is less of a solution and more of a preventative measure. Along with making sure you constantly have up to date anti-virus software, make sure you back up your computer frequently. This means that if a ransomware virus ever occurs on your computer it will be a minor issue as your operating system and all of its content will be safely stored in the cloud or on an external hard drive. Advice on how to backup your data efficiently and effectively can be found here
If you need any more help – contact us!
Lucidica provides London based IT support for businesses