A virus is for life, not just for Christmas
More than four thousand people in the UK have had their computers infected by ransomware during 2016, with over four million pounds in ransoms paid to the criminals responsible.
Ransomware is malicious software which encrypts all the files, graphics, and emails on your hard drive and then demands you pay the hacker a ransom fee to receive the decryption key. Some variants also hunt out any Bitcoins stored on the machine and steal those too. Poisonous email attachments remain the commonest way to distribute the malware and, despite endless warnings, people continue to open and run attachments of unknown origin. The criminals usually require that any ransom payment is made in Bitcoin, typically one or two bitcoins. At current rates, one bitcoin will cost about 770 US Dollars.
Many people have the mistaken idea that encryption can be cracked by a boffin, a belief fuelled by the many high-tech crime dramas on TV which routinely show a lab tech typing furiously on a keyboard and cracking military-grade encryption in minutes or hours. Real life isn't like that. Modern encryption is founded in mathematics and, when it is implemented properly, even our fastest computers would take months or years to decrypt quite simple messages. However, some of the criminals haven't understood the maths well enough and have made subtle mistakes in the implementation of their encryption code, meaning that in a few cases it is possible to recover your data without paying a ransom. The website No More Ransom gives information on ransomware products which have been poorly implemented and can be cracked using free online tools.
Whether or not it has a rescue tool, the site quite rightly advises against paying ransoms. Paying up just encourages the attackers to continue these attacks, and even if you pay the ransom, there is no guarantee they will provide the key without further demands. No More Ransom is an alliance of Intel, anti-virus companies McAfee and Kaspersky, Europol, and the Dutch police. Other anti-virus companies such as Trend Micro, AVG, etc., also provide decryption tools, which can be found by googling for "Ransomware File Decryptor".
However, a decryptor is a last resort. Much better is to stop the malware ever getting onto your system in the first place by adopting safe computing practices, using spam-blockers on your email, and using up-to-date anti-virus software. Remember too that all hard disks fail sooner or later, or PCs can get stolen, and when that happens, no amount of decryption software will rescue your lost data. Backups are essential.
The days when backing up involved tedious burning of CDs are long gone. Some companies offer cloud-based offsite backup. Alternatively, if you have a relatively small amount of data that needs backing up regularly, you can buy 32GB SD cards for as little as £16. If you need to back up larger quantities of data, you can buy ridiculously compact hard drives which simply plug into a USB port to give a couple of terabytes of storage for around £80 to £100.
An important thing to remember about your backup drives is to disconnect them when not making backups and store them in a safe place away from your PC. If your backup drive is permanently plugged into your PC, ransomware will happily encrypt all your backup data too.
30th December 2016
This article comes from the SKILLZONE email newsletter, published monthly since January 2008, and covering topics related to technology and the internet. All articles and artwork in the SKILLZONE newsletter are original content.