
Tech Talk: One form of malware holds your PC for ransom

POSTED: January 25, 2014 12:08 a.m.

In the world of computing, the biggest headache used to be a virus. By definition it is a self-replicating piece of code in the form of an application that destroys data on your computer and spreads rapidly.

Next comes malware, technically not a virus but simply bad software that you neither ask for nor want on your computer and that is more of a nuisance than anything.

Now the most recent addition to this list of things you don’t want installed and probably the most annoying is ransomware. If you haven’t yet had the pleasure of experiencing it, be grateful.

Ransomware appears in the form of a pop-up on your computer that attempts to intimidate you because of something you did (supposedly illegal) with your computer. Some say they are from the FBI or the Department of Justice and state that your computer is now locked because of websites you visited or files that you have downloaded. But if you pay the “fine” (anywhere from $45 to $2,000), your computer will be released.

Other hijackers take hold of your system and lock you out purely for financial reasons and simply advise you to pay or else you will not be able to use your computer. You pay them and you will get to use your computer again — supposedly. There is always the thought, “What if.” Suppose they don’t release my computer after I pay them? Well, you don’t know. It’s a huge gamble.

The intimidating warning, usually in red, states that your files are encrypted and that your computer is in lockdown. Any attempt to remove the lock will destroy your files.

Cryptolocker was prevalent during 2013 and set a time limit for you to pay them, with a ticking digital clock on your screen. No pressure.

Unlike others who claimed to encrypt your system’s files in the hopes you would pay, these pirates who run Cryptolocker actually do use encryption and not just once, but twice, with the most sophisticated methods known. They explicitly warn that any attempt to try to remove the software or try to recover the files would lead to their destruction.

I had a client recently tell me Microsoft called her to offer to repair an infection she had, for a price. Microsoft didn’t call her; a scammer did. The only infection she had was a pop-up that everyone gets now and again. With the proper applications installed, they can be removed. Microsoft will never call you and it isn’t concerned with your corrupt computer. Only scammers and hackers will call you.

Other scammers use email warnings to intimidate. Often they arrive as a notice of delivery for the Postal Service, UPS, FedEx or DHL and require you to click on a link to ensure you get your package. Ignore them as you would phone scammers. Once you click, it’s too late; you are infected.

It is extortion and is illegal, but these folks are smart and cover their tracks well. Many are out of the country and are thus untouchable.

Initially, the hijacking was done for a supposed fix of your system due to a corrupt registry. The ploy was that it was infected with malware and they’d charge you to fix it. You never know if they would actually effect repairs or just charge your credit card.

The fact is, nobody could advise you of a corrupt registry without scanning it first. So without a scan, it is a scam.

Some forms of ransomware can’t be eradicated. Instead, your hard drive would have to be wiped and you’d need to reinstall Windows. With some cases of hijackings though, your system can be returned to normal without much trouble. Certain cases are more severe than others.

Now more than ever, it is important to back up your personal files on a regular basis. If you do this and get taken hostage, you can then safely ignore their threats, reinstall your operating system and replace your files.

You will have to rebuild your system after reinstalling Windows, unless you make regular images of your hard drive (with Norton Ghost or Acronis True Image to name a few), but the longer we continue to pay these extortionists, the more they will continue to take our systems hostage.

If you access the Internet on a daily basis, your computer should be scanned daily. Weekly or monthly scans are insufficient and you are inviting trouble in the form of an infection if your defenses are that lax.

Install an Internet security suite that is proactive. This type of tool stops an infection from gaining access to your computer so you don’t need to later worry about trying to remove an infection that has infiltrated your system. It’s infinitely more effective to stop an intruder at the door than to have to worry about how to get rid of it later.

Whatever you do, ignore the nefarious extortionists; don’t pay them. Keep a current image or a backup of your data and a Windows CD on hand; it’s absolutely the less expensive alternative.

Arthur Glazer is a freelance writer and computer technician in Gainesville. His column appears biweekly on the Business page and on gainesvilletimes.com.


Contents of this site are © Copyright 2010 The Times, Gainesville, GA. All rights reserved.