Ramsomware: cybercriminals kidnap your digital data and demand money to return your files or you will never see them again. Pay up with bitcoins (untraceable currency)and the private key to decrypt your files will be given to you. Don't pay up and the private key is scheduled for destruction and you lose your files forever.
Sounds pretty simple and if you are desperate enough for the files you may pay up.
TelsaCrypt is having a devastating effect on businesses, once the perpetrators work out they have captured crucial business data that you simply must have to stay in business. The hostages' businesses are now more likely to give serious consideration to pay the ransom, just to get their business back. Imagine you built up this data over a decade and will lose everything you built (data-wise) The ransom is starting to look like a small price to pay when one considers you could make the money over just by having the data form a single client.
That's exactly how they want to you to reinterpret this kidnapping. Stop thinking that way. To help hapless shell-shocked victims face the daunting task of establishing a Bitcoin account and depositing funds and paying the kidnappers, they have even resorted to setting up help desks to walk devastated victims though the process. Of course this takes money, your money if you are foolish enough to part with it, then welcome to FEAR. Their biggest weapon.
Imagine walking into the office to the following on every screen.
Ramsomware has been around for a long time but it was mainly aimed at the gamers. But of course they did not have the money. Now the cybercriminals have turned their attention to everyone including businesses with local area networks. They infect Windows and Mac computers by creeping through every network device and folder silently encrypting your important digital files, scary huh! The F.B.I. issued a warning on 29th April 2016.
This is Cybercrime like we have never seen before. We are warned it coming to a smartphone near you.
WHAT SHOULD YOU DO?
IF THIS HAPPENS TO YOU DON'T EVEN CONSIDER PAYING THE $500-700-1000+ RANSOM - as you have no guarantee the criminals will help you. Your files are gone, move on.
How did I get this?
It comes to you when you open an infected email attachment or just visit a legitimate web site that has been seeded with the trojan and it is relying on your computer not being protected.
How does it work?
Once infected, TeslaCrypt or its variant, goes to work silently and encrypts all targeted file extensions (the ones you can't afford to lose) on all drives and devices connected, including any computer on the local area network, and and it locks them all down with military standard encryption.
All your productivity files are affected. Here is a short list of some of the popular extensions it encrypts.
The First Sign of a Problem
You try to unzip your (.zip) archive file and it has a MP3 icon instead...
The world's top cryptographers are not at all optimistic. I strongly recommend going to BleepingComputer and taking their advice on your specific variant of infection.
Getting your data back
It could take a decade using brute force 24/7 super computing power just to crack the code, because the private key is no longer stored on the victim's computer, it is stored only on a secret server with Bitcoin. A fix is just a maybe, but don't hold your breath.
Don't bother with all the promises on the web to fix them. They are just selling programs to remove all the files it litters each folder with. In fact one of the fix sites I checked tried to put another malicious file on my test computer just by visiting it. So beware.
So back to the title. Why is the threat of Ransomware so overrated?
Because this is about psychological warfare. if the perpetrator smells fear they will bit hard. Liken it to being held up in a bank (hopefully you never have to go through that ordeal), but for the illustration, imagine the gunman who is already in the bank, and pulls out a gun, lets off a few rounds and screams at everyone. Imagine how you would feel. In a state of shock, unable to think clearly. Your mind is racing and you are incoherent. Now imagine how you would feel when the you see those black ransom notes on the screens of your network, that they have all be locked up.
If you take some very simple early steps all this heart ache and stress can be avoided.
- Keep your computer full patched with the latest security updates
- Keep your antivirus/anti-malware up to date.
- Back up from an external back up device that is not part of your network
- Never open email attachments without scanning them with an up to date scanner
Simply drag and drop all those files to safety of an external device.. It could be a thumbdrive, USB drive or any storage device. Once you have done your backups, disconnect the external drive/device and store it away. Doing regular incremental backups is the best you can hope for.
If you are hit by this, you WILL lose all your important files, but don't panic, and don't pay the cyber criminals anything. They are already wealthy and will use some of the money to improve the encryption.
Now that you have backups, you simply reformat the computer with a clean install and restore your files from the backup.
Let's hear what you think. Join the discussion.