If you have heard of CryptoLocker, CryptoWall, CryptoDefense or any of the related ransomware infections, pray to the geek gods that you don’t get one.
Ransomware is unsolicited software that hijacks your computer and holds your data hostage. Malware and traditional viruses for the most part hijacked your computer and software but let your data survive untouched. Not with this set of evil hijackers. Now your data is held hostage literally with a ransom demand of money.
Once infected, the ransomware encrypts your data, moves it and then hijacks your browser so that you are automatically redirected to a file that tells you how much to pay and how long you have before your files are permanently lost.
This is so much more than spam. So much more than browser hijacks for advertising. This is straight-out criminal and malicious activity to destroy your data.
Where do you get this type of infection?
This is an important question with an important multi-part answer:
1) It appears as an attachment in an email or as a pop-up update to legitimate software like Adobe products, Windows products or Java products.
2) It HAS TO BE ACTIVATED by the user. This means that the user usually agrees, opens, runs or accepts the item in question for it to start its activity.
3) Even legitimate websites can redirect to hijacked websites. For example, if you search on Google for a specific topic and choose to follow a link to what you think is a legitimate .PDF file, this could be a trap.
How do I get rid of it?
The real question is, how do I get rid of it BEFORE it damages my files? There are plenty of tools out there that can remove the actual malware code. There are also manual instructions available if you are advanced enough, but the trick is not just getting rid of the malware but getting rid of it BEFORE it encrypts your data. Unfortunately, if it has already done so, the core malware code is no longer the main problem.
Once your files have been encrypted, you only have a few choices:
1) Pay the ransom. We DO NOT recommend submitting to blackmail. Even though there have been reports of paying the fee and getting the decryption key successfully, there have been just as many accounts of people paying and then getting their credit cards hacked with no decryption provided.
2) Restore from backup. This is why we always recommend backups that are not only secured, regular and complete but also tested on a regular basis. With an image backup, you can even restore back to before the system was infected.
3) Wipe out the now useless files and start from scratch. This is the most painful option in that you basically accept the fact that your files are gone.
The only true defense against this type of infection (or any kind, in our opinion) is to have a proper backup. The state of antivirus and antimalware programs is always changing as new threats force the developers to continually update their software. This always leaves gaps and opportunities for infections to come through, which is why we never guarantee 100% protection. In fact, Symantec recently announced that antivirus software is only about 45% effective on its own. See "Antivirus is dead…", published by PCWorld.com.
Therefore, having a regular and secure backup, whether it is done locally to a portable drive or to a cloud-based system, is the best way to avoid the stress of losing all of your data regardless of the type of attack.
We offer online cloud-based backup stored on servers in Montreal, QC. Our backup service allows us to perform a variety of backup types, including full image backup, for reasonable rates. Consider how much your business would lose if all your data was suddenly and effectively deleted. How much would you pay for it to be brought back, and how long would you expect to wait for it? With our cloud backup offering, you can recover your files to any internet-connected computer anywhere in the world at any time.
Read up on our backup suggestions at Holy Trinity of Backup
If you have any questions about our backup service or about this article, feel free to contact us anytime.