Monday, May 16, 2016

Beware of Cryptolocker and similar nasties!

The one thing that really scares me is the type of ransomware (they hold your computer to ransom) which encrypts(1) your data.

This particular nasty gets on to your machine and encrypts ALL your data files: your documents, your music, your pictures... Everything! And there is no way of undoing the process!

The idea is that they then charge you around £300 to get the key required to decrypt your data.

So there are three areas of consideration...
1. Don't let the infection in
2. If the infection gets past you, have software which stops it
3. If the infection runs, how to recover

1. Don't let the infection in

The usual way of getting infected is by means of an email that persuades you to click on an attachment which, of course, is the infected file. So rule number one: never click on an attachment (or any other link) in an email unless you are 100% sure what it is and where it came from - and even if you are sure, think very carefully before clicking; are you really, REALLY sure?

2. If the infection gets past you, have software which stops it

A number of products have been proposed but one which appears to be likely to work well is Malwarebytes Anti-Ransomware. It's still in beta test state but seems to work without problems and runs on Windows 7 and later.

3. If the infection runs, how can you recover now that all your files are encrypted?

So what are the options?

1. Try and decrypt the data yourself? Sadly the most powerful computer could not do this in your lifetime so let's rule that one out!

2. Pay the money? So these CRIMINALS have stolen your data and you want to give them money in the HOPE that they're honorable and would honor the deal? Also you're encouraging them to keep on doing it! Not an option I'd choose!

3. Abandon your data? A bitter pill to swallow, especially since you'll lose all those previous photos you used to have stored.


4. Restore from backup. Now THAT'S an easy one but it does require that you've got a backup - and also (here's the scary stuff) that the backup hasn't also been encrypted! The problem is that this particular nasty encrypts not only the files on your computer; it also looks around for any drives you've got plugged in, so if you leave your backup drive plugged in it'll get encrypted too!

So, protection = backup to an external drive and only plug it in when you take the backup.
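One way to check that a backup "hasn't also been encrypted" before you rely on it, as an added example (not part of the original post): record a SHA-256 fingerprint of every file when the backup is taken, then re-check the drive against that record before restoring. The function names and folder names are hypothetical, and it assumes you keep the returned manifest somewhere other than the PC or the backup drive.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Added illustration: function and folder names are hypothetical.


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large photos and videos do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def backup(source: Path, drive: Path) -> dict:
    """Copy every file under source to drive; return {relative path: SHA-256}."""
    manifest = {}
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source).as_posix()
        dst = drive / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        manifest[rel] = sha256_file(src)
        # Confirm the copy is good before the drive is unplugged.
        if sha256_file(dst) != manifest[rel]:
            raise IOError(f"copy of {rel} does not match the original")
    return manifest


def verify(drive: Path, manifest: dict) -> list:
    """List files that are missing from the drive or no longer match the manifest."""
    return sorted(rel for rel, digest in manifest.items()
                  if not (drive / rel).is_file() or sha256_file(drive / rel) != digest)


if __name__ == "__main__":
    # Constructed sample data in a temporary folder; nothing real is touched.
    with tempfile.TemporaryDirectory() as tmp:
        docs, drive = Path(tmp, "Documents"), Path(tmp, "BackupDrive")
        docs.mkdir()
        (docs / "letter.txt").write_text("constructed sample document")
        manifest = backup(docs, drive)
        print("after backup:", verify(drive, manifest))      # nothing flagged
        (drive / "letter.txt").write_bytes(b"\x8f\x02 constructed scrambled bytes")
        print("after tampering:", verify(drive, manifest))   # letter.txt flagged
```

A file that has been renamed on the drive shows up as missing and one whose contents were changed shows up as a mismatch, so an empty list means the backup still matches what was copied.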

(1) Encryption is a process which was used to send secret messages, except that modern methods are very sophisticated, using one key to encrypt the data but a different key to decrypt it. If you want more details search the web for 'asymmetric encryption' or send me an email.