For computer users, Ransomware can be among
the most frightening forms of malware – suddenly, your screen is
replaced by a message from the police, demanding money, or a message
saying your files are lost unless you pay a ransom to unlock them.
It’s a booming business – last year,
security researcher Brian Krebs reported that gangs could earn up to $50,000 per day from such malware.
This year, the Home Campaign continued to deliver ransomware via infected websites, with up to
40,000 domains infected at one point, according to ESET researcher Sebastian Duquette.
One particular form of ransomware, filecoders, extort money by
encrypting a user’s files and demanding sums to access them. “We’ve
noted a significant increase in Filecoder activity over the past few
summer months,” says ESET researcher
Robert Lipovsky.
Below are some tips that can help – even if you’ve already fallen victim.
Don’t pay the money
No police force on Earth will lock your computer and demand money –
the message is NOT from the FBI. Do not pay the money. Contact a
computer professional instead, if you can’t unlock it yourself. In some
cases – especially filecoders – there may be nothing you can do, but an
IT professional should be your first stop.
Don’t pirate software, music or movies
Pirate sites offering free music, games or films are often infested
with malware – but this summer, cybercriminals are “gaming” Google
searches to infect wannabe pirates with ransomware. Ordinary internet
searches lead people to such sites – with cybercriminals using “black
hat” SEO to push infected sites high up in Google results, and deliver
Nymaim ransomware, according to
ESET researcher Jean-Ian Boutin. .
“When searching for downloadable content, especially illegal downloads,
it is common to notice questionable websites in the search results. What
is unusual in this case is to witness a malware downloaded right away
when clicking on a Google result,” says Boutin.
Don’t think that if you get past the lock screen, it’s “gone”
It is sometimes possible to get “past” the lock screen displayed by
some forms of ransomware – but that doesn’t mean you’re safe. Your
computer is probably still infected. Either invest in AV software or
contact an IT professional for help.
If you are backed up, you’re “immune” to filecoders
Filecoders rely on one thing – that you keep unique,
precious files on your PC. Don’t. You don’t keep family heirlooms in
your car – you keep them in a safe. Do the same with your data. “If they
have backups, than the malware is merely a nuisance,” says ESET
researcher Robert Lipovsky. “So, the importance of doing regular backups
should be strongly reiterated.”
“There are, however, at least two “fortunate points” about this
malware: It’s visible, not hidden, the user knows he’s infected – unlike
many other malware types that could be stealing money/data silently (of
course, that doesn’t mean that he’s not infected with something else
together with the Filecoder!)”
Try and rescue your files
Unless you have in-depth knowledge, you should contact an
IT professional to help with Filecoders – and don’t get your hopes up,
as many use strong encryption which is basically impossible to break.
“In some cases, when the Filecoder uses a weak cipher, or a faulty
implementation, or stores the encryption password somewhere to be
recovered, it may be possible to decrypt the files,” says Robert
Lipovsky. “Unfortunately, in most cases, the attackers have learned to
avoid these mistakes and recovering the encrypted files without the
encryption key is nearly impossible.”
Learn what “backup” means – and choose the right solution for you
For home users, a simple way to start “backing up” – without delving
into complex solutions – is to use cloud services such as Google Drive,
Dropbox and Flickr to store documents, music, videos and photos. These
services offer free versions, and can at least save some of the most
personal files on your computer from being devoured by malware.ESET
senior research fellow David Harley, writes, “What do you do if you’re a
home or small business user, with no professional system administrator
to explain/set you up with RAID, hot sites, replication, and all the
other esoteric paraphernalia of disaster recovery? My friend and
colleague Aryeh Goretsky’s paper
Options for backing up your computer will help you understand the issues much better after reading it, without overdosing on jargon.”
Detection rate for the malicious attachment: MD5: 0458a01e42544eacf00e6f2b39b788e0 – detected by 31 out of 48 antivirus scanners as Trojan.Win32.Sharik.qhd
