How to deal with a ransomware attack
Posted on 18 Mar 2013 at 10:34
Davey Winder delivers advice for those who find their data has been taken hostage
The ransomware threat has grown over the years as criminals seek ways to monetise their malware endeavours by holding your data to ransom.
Symantec reckons it’s a crime that turns over more than £3 million a year, and the evidence suggests it has spread far from its original eastern European base (where it was concentrated until fairly recently). Indeed, to the best of my knowledge, there are now approaching 20 different ransomware malware families, each with many variants and all active out in the wild.
It isn’t all good news for the bad guys, though: in the run-up to Christmas, the Police Central e-crime Unit (PCeU) announced the arrest of three people involved in the ransomware business in the UK.
In this case, it seems the criminals were using a splash page featuring Metropolitan Police and PCeU logos that claims the authorities are monitoring your online activity and have detected offences being committed. As a result, your computer is put in a locked-down state until you pay the "ransom" – a £100 fine.
Of course, the actual implementation of such ransomware attacks varies considerably, but they all have similar roots and exit points: malware or malicious links to infect, and monies to be paid in order for locked data to be released.
Actually, it isn’t quite as simple as paying the ransom and getting your data back, for several reasons. First, remember you’re dealing with criminals – why should they care about your data? They only care about your money and have no incentive to unlock your PC after you’ve paid up. Second, these criminals will be keen to maximise their profit from every victim, so if you pay by credit card or provide your bank details they can commit further fraud using this information, or sell it on to other scammers. In addition, the "unlock" file they tell you to download may infect your PC with yet more malware.
A ransomware attack is a lose-lose scenario for the victim (unless, that is, you have a hitman to hand). It’s far better to avoid being infected in the first place, which means employing the usual kinds of common sense and security software. Better, too, to have all your data backed up, so you can restore it without paying any ransom, or a nice clean disk image to drop back into place. Of course, not everyone is so well prepared for disaster, and the folk who are most at risk are the ones who are least likely to keep backups. So what can be done if your computer is infected and you’re not prepared to pay up?
One big problem following a ransomware attack is that unlocking your data isn’t easy. It can be done, most often by rebooting the computer to run a Linux environment from which the rogue files can be identified and deleted.
But this is neither straightforward nor always successful, since it’s often difficult to uncover the files without the "live" ransomed Windows environment running to provide forensic clues. This is where the hitman comes in, or more precisely, the HitmanPro.Kickstart functionality that’s been added to the latest version of an anti-malware "second opinion" file scanner called HitmanPro.
HitmanPro.Kickstart enables the victim of a ransomware attack to create a bootable USB flash drive with which to reboot the infected machine and recover from the lockdown by clearing up the infection without further manual interaction. It looks good, so you might want to make a note of the Kickstart download site should you – or one of your friends or family – become a victim.
Earlier this year my brother lent his HDD to someone only to find his data 'missing' and his AV removed an autorun malware (so I don't know for sure if it was ransomware).
After I looked at it, it turns out that the malware had just changed the file attributes to system files (which were hidden by default on his system).
I managed to make the files normal by changing their attributes in cmd.
By tech3475 on 18 Mar 2013
If you are a fan of CSI, be it the Gil Grissom original or the various spin-off shows, it's probably better if you don't get called up for jury service as there is a very good chance that you have become a victim of the dreaded 'CSI effect.' This article addresses what the CSI effect is and its impact within the court room.
By Glennon on 10 Sep 2013
Davey is a contributing editor to PC Pro, having covered the internet as a topic since the magazine started in 1994. Since that time he's won numerous awards for his journalism, but remains a small-business consultant specialising in privacy, security and usability issues.