There is currently a lot of media attention regarding a particularly nasty form of computer virus or Malware known as Ransomware. Strictly speaking, it is not a virus in that it does not break into your computer on its own … it tricks you into allowing it in using social engineering. It then uses features of your operating system to encrypt your documents, pictures, music and other data. You then get a rather rude message demanding payment for the key to return your data to a usable state.
Ransomware has been around for a few years now. The current furor over the use of stolen NSA “tools” is about how the thing spread so fast … not the basic concept of holding the encryption key hostage for payment. There is nothing wrong with encrypting portions of your data. It is a preferred way of ensuring privacy so that only those with the authorized keys are allowed access. In fact, it is a requirement of much legal, medical and government communication. The crime here is to do it to someone else’s data and then hold them up for the key to decipher the data.
The only thing you can do to PREVENT getting the Ransomware type of Malware is to be careful what you open (attachments). Use common sense … UPS and FEDEX state that they DO NOT send you attachments about shipments. Basically, beware of ZIP attachments, as these are the most common infection vector. Attached PDF files about invoices and overdue payment demands should also be avoided. If you really owe somebody money and they want it bad enough, eventually they will pick up the phone and call you. The IRS never sends you an e-mail demanding payment or Credit Card information. Banks never ask you for your password or PIN. Never follow a link to reset a password … log into the site directly and go into your account management to make any changes. If in doubt, call the institution using a known good number … not something supplied by an e-mail. Another common tactic is to send out a blind message implying that your mail account is overfull and you have to make some change to it or re-establish your account. Most likely you don’t even have any such account. But if you log in to do what they requested, chances are you are going to use the same password as some of your legitimate accounts or the same PIN. They then use that information to try to hack your other accounts.
To protect your data, use a good cloud-based backup system that does versioning. We recommend and use CrashPlan by Code42. There are personal, family and business plans available. Each time a file is opened and then closed it is backed up. This way you can retrieve a copy from the last hour, day, week, etc. until you get the desired result. If your data has become corrupted and the bad files are now backed up, you simply go back to the day BEFORE the infection and get the version to restore. Carbonite is another such online backup plan. We have used both and while we prefer the interface to CrashPlan, they both work well.
If your system should get infected, it will have to be rebuilt anyway. That can always be done if you have copies of all of your programs … it is the DATA that makes your system unique. Using Acronis or another disk imaging product will get the system up to a usable condition faster and then the restored data is applied over that. We have done this several times for our customers in the past. It is aggravating … but it works. We will be glad to help anyone who has further questions.
A common rule of thumb is that if it seems too good to be true, it probably isn’t. The same holds true in reverse: if it seems too BAD to be true, it could well be a scam. In today’s world of “IoT” (Internet of Things), the more skeptical you are, the better.
That … and backups, Backups, BACKUPS …