What is Ransomware?

Ransomware is a type of computer virus that stops you from using your computer. These types of viruses can prevent you from using the internet, your computer, or in the case of CryptoLocker, encrypt your files rendering them useless. One thing these ransomware viruses all have in common is that they want you to pay them in order to release your computer from their grasp. Even if you hand over some money, it doesn’t mean you will get your computer working properly.

Rogue Security Software
We’ve already got an article about rogue security software, which you can read here. But generally rogue security software is a form of malware which either misleads you into buying software to remove an infection or installs other malware. They look quite convincing; however they are easy to spot. They are often full of spelling mistakes and keep alerting you of problems until you proceed with the ‘fix’. In the worst case scenario they can even cripple your computer and will not allow you to use it.

CryptoLocker came out in mid to late 2013. The mission of this virus is to encrypt your files meaning they are unreadable. The virus is typically spread through email attachments. Once the CryptoLocker downloads on to your computer, it generates a 2048-bit RSA encryption key, and uploads it to its server. Once the key has been generated, it begins encrypting data on any local or network storage device that your computer can access, targeting files matching a specific whitelist of file extensions. The virus will inform you of its presence, and include a count-down (typically 3 to 4 days). Once the CryptoLocker countdown has hit 0, everything the virus was able to encrypt has been encrypted, and the encryption key deleted, making recovery impossible. CryptoLocker will demand a payment, we’ve seen as low as £200 and as high as £600, in order for your files to be encrypted, but the decryption process must start before the countdown hits 0. Any files that have been encrypted cannot just be decrypted; a 2048-bit encryption key would take thousands of years to discover. The only way to recover your files is by paying the ransom and hope the virus will decrypt your files, or by removing all traces of the virus and restoring your files from backup.

Make sure you perform regular backups of your computer. You can do this by manually copying your files to a removable hard drive (remember to unplug the hard drive once you’ve done the backup or else the CryptoLocker virus will encrypt your backup too) or you can use one of the many online cloud backup solutions. You can also protect yourself by using a decent antivirus solution. You can also use a program called CryptoPrevent which will help keep your computer safe from the CryptoLocker virus.

Once Infected
The number one thing you should do once you discover your computer is infected is turn it off. The virus cannot encrypt files if the computer has been turned off. Some claim that unplugging it from the internet will stop it from encrypting, this is not true. Next, do not pay the ransom. The biggest reason is because you would be feeding a criminal and recovery can be less than what the cyber criminals are asking for. Give us a call immediately to have your computer recovered from this virus. Make sure to give us all the backups you have, or access to your online storage backup.

If you believe your computer to be infected with ransomware, or any other type of malware, give us a call on 01543 889 444 and we will be happy to help.

Share this post: