What is "Ransomware"?
Welcome to PC Tech for Hire, Montgomery Alabama's dedicated residential and small business computer repair and service provider.
Ransomware is a type of computer virus that "holds" your computer hostage. These type of viruses can prevent you from using the internet, your computer, specific programs, or in some cases, encrypt your data. One thing these viruses all have in common is that they want you to pay them in order to release your computer from their grasp. While some keep their word, and once you pay they delete themselves, not all of them do and they simply take your money and ask for more. Common payment methods include Moneypak, Paypal, wire transfers, etc.
I'm only going to outline the more common of these, what they look like, and what they are going to do.
The FBI virus is the more common one for those in the United States. There are many versions of this one, some claiming to be Interpol or another local police agency to your country or region. One thing that really makes this trojan virus stand out is that it pops up your screen on says your computer has been used for illegal activities such as pirated software or child pornography, and your actions on the computer are being monitored by law enforcement. The warning informs you that in order for you to have your computer unlocked, and the charges dropped, you must pay a fine using an anonymous prepaid cash service. This virus will give the illusion that this is real, but this is not how law enforcement works. If they knew where you were, and what you did, they'd knock on your door, not lock your computer. While many antivirus programs do in fact prevent or even remove this virus, this virus is not always traveling alone. One of the things this virus does is send a few of its friends in first. These friends will disable your computers security, or stall it, so the virus can get in there and take control of the computer.
So how do you get this virus? Typically it is done through downloading what appears to be legitimate software from websites, especially torrent downloads. The less common way is through drive-by means, or visiting a website that has been infected to download the virus without your knowledge in the background.
In some cases, this virus can be removed remotely, but in most cases the computer has to be cleaned of this virus either on site or in a shop. It is strongly encouraged to have the FBI virus removed by a professional as this virus can return after a computer has been restarted if it has not been removed completely or correctly. To really prevent yourself from getting infected, make sure you only download software from a legitimate website, and never download unverified torrents or pirated software.
CryptoLocker came out in mid to late 2013. This is a computer worm virus, or one that spreads through your network. The mission of this virus is to encrypt your files and hold them for ransom. Typical infections are via attachments in malicious emails, and most recently through drive-by downloads. Once the CryptoLocker downloads on to your computer, it generates a 2048-bit RSA encryption key, and uploads it to it's server. Once the key has been generated, it begins encrypting data on any local or network storage device that your computer can access, targeting files matching a specific whitelist of file extensions. The virus will inform you of its presence, and include a count-down (typically 3 to 4 days). Once the countdown has hit 0, everything the virus was able to encrypt has been encrypted, and the encryption key deleted, making recovery impossible. CryptoLocker will demand a payment, we've seen as low as $200 and as high as $600, in order for your files to be encrypted, but the decryption process must start before the countdown hits 0. Any files that have been encrypted can not just be decrypted, a 2048-bit encryption key would take thousands of years to discover. But do not fear, there are many things that can be done to safeguard your computer, and recover lost files.
Make sure you perform regular backups of your computer. Whether it is ProActive Care - Backup or any other means. If you use an external hard drive, remember to unplug it and store it somewhere safe to keep this drive being encrypted as well. Install CryptoPrevent or call us to install it for you.
The number one thing you should do once you discover your computer is infected is turn it off. The virus can not encrypt files if the computer has been turned off. Some claim that unplugging it from the internet will stop it from encrypting, this is not true. Next, do not pay the ransom. The biggest reason is because you would be feeding a criminal and recovery can be less than what the cybercriminals are asking for. Give us a call immediately to have your computer recovered from this virus. We will have to take your computer, and turn around times for recovery do vary. Make sure to give us all the backups you have, or access to your online storage backup.
Other Ransomware Viruses
Windows Product Activiation is another worm virus that is not as famous as the other two, but it gets the job done as far as what it does. If you've already activiated your Windows installation, you should not have to do this again unless you replaced a major hardware component inside the computer itself. Always consult us before you write this off as a virus. This virus informs the user that you have to re-activate your copy of Windows due to being a victim of fraud. There will be a pop-up trying to take you to a website (a link that normally does not work), and instead has you call one of various international phone numbers to input a 6-digit code. While the claim is that the call would be 100% free, the call is actually routed through a country with an extremely high international phone rate, and then they place you on hold for a long while. This causes the user to incur a very large long distance charge.
If you believe your computer to be infected with ransomware, or any other type of malware, please contact us for a Virus Removal service. Ask about my ProActive Care - Antivirus service that can help prevent a lot of these types of ransomware and malware.
Hi! I'm Ronnie, your PC Tech for Hire for the Montgomery, AL area! Let me know if you need my 25+ years of experience to help you with your computer needs.