Ransomware rescue


Ransomware is one of the most prevalent and annoying types of malware currently making the rounds. With some strains even encrypting a victim’s files rather than simply hiding them, it can feel like the only way to rescue your computer from this criminal software is to pay the extortion fee. Don’t be dragged into their trap: there are other ways out!

 

Need help?
If your computer is infected, please contact us as soon as possible so we can help.

 

What is ransomware?

Ransomware is a type of malware that demands money from you (a ransom), often restricting access to your computer and purporting to remove the restriction only after payment. There are many different types and strains of ransomware; most are easy to remove, while others encrypt your files and threaten to destroy them if you do not pay within a given timescale. A number of them use scare tactics like displaying the logos of local legal authorities and showing fake warnings such as “illegal activities have been detected on your PC”. These warnings are fake and have no association with legitimate authorities.

 

What does ransomware look like?

Scareware
Example fake antivirus malware
The most common and simplest type of ransomware is more accurately described as scareware and consists of bogus antivirus or clean-up tools that pretend to scan your computer, display colourful warnings about the large numbers of “issues” detected with or on your computer, and demand that you pay a fee in order to fix them. Normally this type of ransomware will allow you to continue to use your computer, but will repeatedly pop up with alerts and warnings in an attempt to extort the ransom from you. They are often visually similar to common Windows components or other legitimate antivirus or clean-up tools, making it difficult to identify them at first glance. Often, these variants are the easiest to remove.

 
Non-encrypting ransomware
Example of non-encrypting malware Reveton
Another variant is the type that fully locks down your system and prevents access until a fee is paid. These are most lucrative for the operators as they often employ scare tactics like claiming that your computer has been involved in illegal activities and displaying official police logos to reinforce that notion. These claims are entirely false and, as usual, the ransom should not be paid; the malware can be removed by other means.

 
Encrypting ransomware
Example of encrypting malware CryptoLocker
By far the worst variants are those that encrypt your personal documents and data, such as the infamous CryptoLocker. These variants often begin by remaining hidden on a victim’s computer, silently encrypting all documents and files they find. Once encryption is complete, they spring into action much like the non-encrypting variants by preventing access to your computer. Surprisingly, these variants usually don’t include official logos, but instead rely on your impulse decision making by showing a countdown timer that tries to convince you to pay the fee before the encryption key (and with it your files) is destroyed.

 

How can I protect myself from them?

There are a number of ways that your computer can become infected, but the vast majority of them rely on you visiting compromised websites or opening spurious email attachments. You should:

  • Avoid downloading anything from sources that you don’t recognise or trust
  • Never open email attachments (or click links within emails) that you’re not expecting
  • Use anti-virus software and ensure it is kept up-to-date
  • Regularly back up your documents and files

Remember to always ensure that your computer is protected by anti-virus software and that this software is up-to-date. It is also good practice to frequently back up your documents and files to external or removable media, but don’t keep your backup drive connected, as it can also become infected. A cloud storage service such as Dropbox or Google Drive can be used to back up your files with multi-version history so you can restore files from specific dates. You can also use a network attached storage (NAS) device such as those from Synology. Array IT can help you set up and configure any of these services if you require; please contact us for a quote.

 

Should I pay the ransom?

We do not recommend that you pay. There is no guarantee that paying the ransom will allow you to regain access to your files or computer. Paying the ransom could also make you a target for more malware. Furthermore, this malware is a type of fraud so paying the fraudsters is not a good idea. If you have paid a ransom, you should contact your bank and the police.

 

How can they be removed?

The majority of these variants can be removed by starting your computer in Safe Mode and then manually removing them. Others, like the encrypting variants, might require you to restore from backup or revert to an earlier System Restore point. If you need help or would like us to remove them, our anti-virus removal service can do just that. Please contact us for assistance and more information.
