Ransomware is a type of malware (malicious software) that takes over your computer and threatens harm, typically denial of access to your data. The modern era of ransomware began in 2013 with CryptoLocker, which targeted Microsoft Windows via infected email attachments and encrypted certain types of data. When the computer was infected, it would display a message explaining how you could make payment to have your data released. Sometimes paying the ransom worked, sometimes not. In the intervening years, ransomware has become more sophisticated in its targeting and operations.
The first thing is to determine what type of ransomware is attacking your computer: encrypting ransomware, screen-locking ransomware, or “pretend” ransomware. Check to see if you can access files or folders, such as desktop or My Documents items.
If you can’t get past the ransom note on your screen, it’s likely screen-locking ransomware. Notes claiming to be from ASIO, the ATO or police and saying you owe a fine are typically screen-locking ransomware as well. This is the least destructive form of ransomware.
Check to see if you can browse through directories or apps. If you can open those but can’t open your regular office files, videos, pictures, or emails, you have encrypting ransomware. This is more destructive and difficult to manage.
Fake ransomware threatens that your documents are encrypted. If you can still navigate your system and read most files, then you are probably seeing something fake and you can ignore the ransom note. Try closing your browser; if that doesn’t work, hit Control/Shift/Esc at the same time to open the Task Manager. Choose the Application tab, right click your browser app, and select End Task.
Security experts, including Microsoft, advise against paying ransoms. Paying does not guarantee the return of your files, and paying encourages more attacks. Especially resist paying a screen-locking ransom, as it can almost always be corrected. Paying the ransom also makes you vulnerable to future attacks, as the perpetrator experienced success once and may expect to do so again.
Take a photo of the ransom note presented on your screen, as you may need it for a police report or insurance later. If you do decide to pay, negotiate first. Often you can bring down the price of the ransom. Make sure you contact your financial institution immediately to alert them and have your credit card re-issued or to put your bank on alert.
If you are struck with encrypting ransomware, disconnect your machine from any others, and from any external drives. Go offline if you are on a network, to avoid spreading the ransomware to other devices or to services such as Dropbox. If you have decided not to pay the ransom, use antivirus or anti-malware software to clean the ransomware from the machine. Removing ransomware will not decrypt your files, and it may end your chances of getting files back by paying the ransom.
At Blutone Technologies, we ensure your computers and systems are safe from all types of attacks. If you are experiencing a cyber security event, get in touch and let us help. If you’re ready to take serious action to secure your devices, we’re ready to give you the peace of mind you deserve.