Wednesday, May 13, 2015

Backup, backup, backup!

Did you miss that?  I said BACKUP!

A recent issue highlighted this once again. A computer had been infected by AlphaCrypt.

This is a recent incarnation of one of those nasties known as ransomware, which encrypts ALL of your files and then offers to sell you the information required to decrypt them.

Once they are encrypted you have a number of options:
  • Pay the ransom (several hundred pounds) and HOPE that they are honourable enough to let you have the key
  • Restore all your files from backup (you do have one, don't you?)
  • Accept that you've lost all your data; all those photographs; all those documents; all those business accounts!

How it works

Put very simply, there is an encryption method known as asymmetric encryption where two keys are used: a public key is used to encrypt a message (or any other data), but only the matching private key can decrypt it.

Say, for example, I want you to send me some secure information. I can generate such a key pair and send you (and everyone else) the public key so you can encrypt the message, but only I can decrypt it since only I have the private key. There's quite a good description on Wikipedia.

What this nasty does is to load the public key onto your computer and then go searching for files. This includes your hard drive PLUS any drives that are plugged into any USB ports - so don't leave your backup drive connected all the time! Each file then gets encrypted using the public key, and then they offer to sell you the private key.
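To see why holding only the public key is not enough to undo the encryption, here is the "send me a secure message" exchange from above as a toy RSA example. It is added here for illustration and is not code from the original post; the function names, the tiny primes 61 and 53 and the sample message are all made up for the example.

```python
# Toy RSA for illustration only: tiny constructed primes, no padding.
# Real software uses 2048-bit or larger keys through a vetted library.
from math import gcd


def make_key_pair(p=61, q=53, e=17):
    """Return (public_key, private_key); each key is (exponent, modulus)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent, needs Python 3.8+
    return (e, n), (d, n)


def apply_key(key, blocks):
    """Raise every integer block to the key's exponent, modulo n."""
    exponent, n = key
    return [pow(block, exponent, n) for block in blocks]


def encrypt(public_key, text):
    """Encrypt text one byte per block (n must be larger than 255)."""
    if public_key[1] <= 255:
        raise ValueError("modulus too small for byte-sized blocks")
    return apply_key(public_key, list(text.encode("utf-8")))


def decrypt(private_key, blocks):
    """Recover the text; only the private exponent undoes encrypt()."""
    return bytes(apply_key(private_key, blocks)).decode("utf-8")


if __name__ == "__main__":
    public_key, private_key = make_key_pair()
    message = "meet at noon"  # constructed sample message
    ciphertext = encrypt(public_key, message)
    print("public key :", public_key)
    print("ciphertext :", ciphertext)
    # Re-applying the public key does not get the message back.
    print("public key undoes it? ",
          apply_key(public_key, ciphertext) == list(message.encode("utf-8")))
    print("private key:", decrypt(private_key, ciphertext))
```

With numbers this small the private key could be worked out by factoring the modulus in an instant; at real key sizes that is not practical, which is why a restorable backup matters.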

So how can I help?

The best thing I can do is encourage you most strongly to BACKUP!  If you need advice or a system setting up then get in touch.

Regarding the infection, I can certainly remove it from your system but there is no way I can decrypt your files. And if you have the malware removed then there will probably be problems trying to decrypt them even though you've paid out the ransom (assuming they were honest enough to respect your transaction and give you the private key).


