ransomware

OK, I don’t usually resort to all uppercase letters when writing posts as it is bad etiquette and akin to shouting at you, but in this case I am shouting at you! This is about as bad as it gets so this is one of the most important posts you may read.

Ransomware is a virus, and a particularly nasty one a that. There are various forms of rasomware ranging from those that lock you out of your computer to the worst of them all, the one that encrypts your data (cryptolocker). Cryptolocker is especially nasty as once it has encrypted your files there is no way on un-encrypting them without paying the ransom.

So have I got your attention now? Yes? Good!

How do you get this infection?

Ransomware usually infects your system via a rogue link in an email (a phishing email). This email often comes from, or claims to come from, a security agency such as the AFP or the FBI although there is also records of one from Australia Post.

I cannot emphasise enough how important it is to NEVER (there are those capitals again) click on a link in a suspicious email.

It can also come from botnets or other malware or from visiting malicious websites.

Identifying a suspicious email message.

How do you decide if an email is suspicious? Well if it’s not from your Mum or your kids or from a business contact, it would be a good idea to not click on any links. In fact it is not unknown for an email address to be hacked and used to spread viruses so even that innocuous email from Auntie Alice could contain a dodgy link!

So are you getting nervous or even scared now? I do hope so!

Try to remember that no security agency is likely to ever send you an email asking you to click on a link for any reason. This also goes for banks. No bank will ask you to click on a link to update your details, confirm something or other or for any other reason.

There are a number of ways to check the validity of an email, none of which are fool proof! You can check the senders email address. This will often be almost undecipherable, or a dodgy looking gmail address or from a dodgy looking domain. Or you can hover the mouse cursor over the link in the email (don’t worry this will do nothing so long as you do not click on the link) and it will display the address that the link will connect you to. As with the email address this is likely to be a pretty dodgy looking address. Even if it isn’t and they are managing to spoof the address so that it looks legitimate, do not click on the link!

How to avoid ransomeware

Unfortunately as with any virus infection there is no guaranteed way of stopping these nasty little viruses. As is always the case the anti-virus companies need a copy of the virus so they can produce the update to stop them. Well that’s not entirely true as they can write anti-virus modules that look for patterns etc which identify viruses and whilst these may occasionally stop legitimate files and programs that is preferable to getting an infection.

Vigilance and regular updates (Windows, anti-virus and programs) and regular scans. Not clicking on any links in suspicious emails. Regular backups. These are the steps to avoid infections and mitigating the damage that they can cause.

What to do if you are infected with ransomware.

There is a very slim chance that you can stop it before it does too much damage. This will require that you detect the infection at a very early stage, manage to uninstall it and then copy all of the unaffected data from your machine before it can complete its work! Obviously a little bit tricky!

Probably the most effective way if you do notice it early on is to just shut the machine down and remove the hard disk. You can then connect the hard disk to another machine and try and recover your files that way. This again relies on very early detection of the infection.

The most effective way of getting rid of it and getting back to normal is to rebuild the computer form scratch wiping out everything on the hard disk and then restoring your data from your backup.

A note on backups.

If you use a backup system that only either sycnhronises files or replaces the backup files every time the backup runs then you could find that even the backup files are encrypted! If you did not notice the ransomware for a few days or did not notice the encrypted files then these may get backed up and overwrite all the good files in the backup.

This is where a good backup regime is critical! I have written about backups in various other posts so won’t repeat that here.