Originally published at: http://www.howtogeek.com/174343/ransomware-why-this-new-malware-is-so-dangerous-and-how-to-protect-yourself/
Ransomware is a type of malware that tries to extort money from you. One of the nastiest examples, CryptoLocker, takes your files hostage and holds them for ransom, forcing you to pay hundreds of dollars to regain access.
Little do they know but the people who dev ransomware have made me a boat load of money on the side too.
Many articles like this always suggest removing Java. How do you get around the fact that so many websites use Java and without Java installed the functionality is gone?
I do use Firefox with the NoScript add-on, is that a decent compromise?
Yep, that's a viable alternative to completely uninstalling Java. It blocks it by default so you can whitelist whatever site manually.
Name three mainstream websites that use Java. Google, Microsoft, Yahoo, YouTube, all of these don't.
@foo Also see this.
OK - so what's the process if you are held hostage by CryptoLocker and refuse to pay? Is there no other choice but to reinstall the OS, or will a system restore work?
From what I read in the article, CryptoLocker encrypts your DATA. Rebuilding the system, via reinstall or system restore, may get rid of the malware itself, but the only way to get your data back without CryptoLocker's private key is from a backup of your data that was offline at the time of infection.
So, remove the malware by whatever method, then restore your data. That seems to be the only way out short of paying CryptoLocker.
A question that just occurred to me: can this malware affect your Cloud storage (SkyDrive, SugarSync, Dropbox, etc.) and therefore affect other machines connected to that particular cloud instance?
That's what I was afraid of - thanks!
It would appear the best line of defense is to have automated backups to a couple of different external drives that you rotate on a regular basis. That way, if it spread to one of your drives, you'd have an offline set of files to restore from. I'm sure the LadyFitzgerald will chime in here soon.
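The two posts above make the same point: the restore path is an offline backup, and a rotated drive is only useful if the infection did not reach it first. The following is an added example, not code from the How-To Geek article or any commenter, showing one way to verify a backup drive before trusting it: record a SHA-256 manifest of the drive while it is known clean, then re-hash it later and flag changed files whose new contents look like ciphertext (high byte entropy). The file names and contents in `demo()` are constructed for illustration.

```python
# Added example, not code from the How-To Geek article or any commenter:
# fingerprint a backup drive with SHA-256 while it is known clean, then
# re-check it before trusting a restore. Many changed files whose new bytes
# look random (high entropy) point to a data-encrypting infection having
# reached that backup set.
import hashlib, math, os, tempfile
from collections import Counter

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def byte_entropy(data):
    # Shannon entropy in bits/byte: text ~4-5, encrypted or compressed ~8.
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def build_manifest(root):
    # relative path -> SHA-256 for every regular file under root
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def check_backup(root, manifest, entropy_threshold=7.0):
    # 'suspicious' = changed files whose new contents look like ciphertext.
    # A legitimately re-compressed file trips this too: inspect, don't assume.
    current = build_manifest(root)
    report = {"missing": sorted(set(manifest) - set(current)),
              "new": sorted(set(current) - set(manifest)),
              "changed": [], "suspicious": []}
    for rel, digest in manifest.items():
        if rel in current and current[rel] != digest:
            report["changed"].append(rel)
            with open(os.path.join(root, rel), "rb") as f:
                if byte_entropy(f.read(1 << 20)) >= entropy_threshold:
                    report["suspicious"].append(rel)
    return report

def demo():
    # Constructed scenario: fingerprint two plain-text documents, then
    # overwrite one with random bytes standing in for ciphertext.
    with tempfile.TemporaryDirectory() as root:
        for name in ("notes.txt", "budget.csv"):
            with open(os.path.join(root, name), "w") as f:
                f.write("quarterly figures, plain text\n" * 200)
        manifest = build_manifest(root)
        with open(os.path.join(root, "notes.txt"), "wb") as f:
            f.write(os.urandom(4096))
        return check_backup(root, manifest)
```

In practice the manifest is written to a separate medium when the drive is rotated out, and `check_backup` is run against the drive before any restore.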
What about using a "computer emulator" just for navigating the Internet? Like Bochs or VMware, you create an image with nothing but the essentials to navigate and play^H have some fun. No important documents, nothing to be protected; if the machine is compromised, shut it down and start a new image, fresh and without viruses or ransomware?
If you have the ability to do that (read: you have a spare OS disc, or are willing to use Linux for the VM), and have the patience to load an entire other operating system for that, then that's the safest method. You have to make sure all traffic is either host-to-guest, or no clipboard/file sharing at all.
I have discovered what some people might call a more "low-tech" method of prevention in cases such as this.
In most cases, the malware cannot infect a computer without some interaction on the part of the owner.
For instance - Clicking on a link, image or attachment from an unknown sender -- or trying to close or "X-OUT" of a pop-up window with a warning.
The bad guys rely on that very first moment of confusion and indecision - when you will try to click or close or delete -- or do something -- and they will use those actions as their means of gaining entry to the system.
When presented with one of those scary pop-ups, here's what I tell people to do:
Take your hand off the mouse and step away from the keyboard!
Then - the next thing to do is immediately disconnect your computer from the internet by directly pulling out the power cord of your modem. Once you see the icon informing you that you have lost your internet connection, I will also unscrew the coaxial cable - just for good measure.
Next - shut down your computer via the power button.
Yes - I know -- You might "lose some work" -- but that's a small price to pay, considering the alternatives.
Restart your computer - and spend a few minutes running a few trusted programs and opening known documents before connecting to the internet. If you still have an odd email sitting in your inbox, you can try to delete it. If you have to do that, after deleting, reboot again.
Once you have confirmed that you are in the clear, you can go ahead and re-connect your modem and go back online.
This may sound silly - but it has actually saved both my wife and myself on a couple of occasions.
Remember - In cases such as this, a moment of calm thinking can go a long way.
Does anyone know if the ransomware can access the files on a hidden drive/partition? That's where I have my backups. Also, most store-bought PCs and laptops have a hidden recovery partition.
That's what I thought.
Thanks for the input.
Unless it runs outside of Windows, it's highly unlikely. The only possible way would be to scan the partition table, and I don't think ransomware would do that. It only needs to threaten the user with his/her files; the user can get another reinstall done easily, so there's no point in searching for hidden partitions and deleting them.
What you said pretty much sums it up.
As was already pointed out, the only safe backups are ones on drives kept disconnected from the computer.
Thanks. That's what I thought.
I created an account just so I could thank Straspey for sharing his method. I am grateful to know this.
A query also to those more knowledgeable here: I don't seem to ever get those kinds of pop-ups. I run the Adblock Plus and the Adblock pop-up add-ons. I was wondering if using them might be considered another tool in the arsenal of defense against this type of malware?