Can virus problems on Windows get any worse?

Just when you thought you’d seen it all. Spyware that locks up your computer, viruses that force your computer to crash, annoyances that pop up windows over and over, but you haven’t seen the worst of it. There is a whole new class of virus making its rounds on the Internet, and this one’s about as bad as it can get.

The industry is calling it ransomware. And that does a pretty good job of describing it. Ransomware is a virus that, once installed on your computer, encrypts all of your files with a high-quality encryption key and then asks you to pay to have your files released from encryption.

The definition of ransomware is as follows:

Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.

It sounds hard to believe, or like something you would only see on TV, but it’s very prevalent on the Internet right now. Typically this type of virus gets installed by normal means: on machines that are not running antivirus software, or when people either don’t read the dialog boxes that pop up or pay no attention and click on them. But once it’s installed, this virus is much more than an annoyance. It silently, and in the background, encrypts all of your files so that you can no longer open them. If you try to open one of the files, you’re asked for the encryption key, which the virus sets and you have no control over. Then, once it’s done all of the damage, it pops up a box on the screen requesting that you pay to get the encryption key. And they don’t ask for just a few dollars like some of the old viruses; they typically ask for between $300 and $500 to get the encryption key and unlock your files.

If your computer gets to the point that it asks you to make a payment, you’re pretty much out of luck. The only hope you might have is a good backup that you can recover your files from. But if your backup drive is connected and running all the time, there’s even a chance that the virus has encrypted your backup too.

I’ve run into this situation twice, in which even though the user was backing up their computer, the backup was connected and was encrypted also. And since these viruses use very capable encryption software, there is really no way to get your files unlocked unless you pay their fee. Most of these ask that you pay the fee through prepaid cards that you purchase at Walmart or Walgreens. You then send the card numbers to a particular website and hope that they provide you the key to unlock your files. If this sounds grim, you’re understanding correctly. It is.

Often, the ransomware will claim you have done something illegal with your PC and that you’re being fined by a police agency or government. These claims are absolutely false. It is just a scare tactic designed to get you to pay the money without telling anyone.

So what’s a person to do? Well, if you’ve already been infected with ransomware, it’s pretty much too late. Hopefully your backup will not be encrypted, and we can erase your computer, reinstall your software, and restore your backup files. But if your backup is locked up also, you may just be out of luck. You could always pay the fee and hope for the best. But paying the fee encourages more of this and may cost you much more in the long run. And there’s no guarantee that your files will ever be accessible again, even if they send you a key.

If you were to pay their fee, you would need to recover your files, copy them off of your computer, and then do a full erase and reinstall of the computer.

If you’re reading this, and you use Windows, your best option is to have a backup that is not connected to your computer, preferably offsite to protect you from fire and other catastrophes. You should also reinforce the rules of safe computing within your household to ensure that no one does anything that might infect you with a virus such as this.

  • Verify that your backup is running
  • Keep your antivirus software up-to-date
  • Install anti-spyware software and run it at least once a month
  • Don’t click on pop-ups
  • Don’t update software from a pop-up while you’re in the browser. Always go to the vendor website and download from there
  • Be diligent as you compute. If something looks funny, don’t click on it. If you see signs that there’s something wrong with your computer, get help immediately and don’t just hope that it will go away

If you follow a few of these rules, and ensure you have that good off-site backup, the likelihood is you can recover from something like this. But most importantly, don’t be the person who tells me they had planned to back up tomorrow when they have an occurrence such as this. Never put off till tomorrow a backup that you could run today.
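
One way to act on “verify that your backup is running”, as an added example that is not part of the original post: the Python script below records a SHA-256 fingerprint of every file in a backup folder and later reports a backup that has gone stale or files that are missing or changed, which is how a backup touched by ransomware would show up. The function names and the seven-day threshold are assumptions, and it assumes backup files are not meant to change once they are written.

```python
import hashlib
import tempfile
import time
from pathlib import Path

def sha256_file(path):
    """Hash a file in 1 MiB chunks so large backup archives are never loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(backup_dir):
    """Map relative path -> SHA-256. Keep the result somewhere other than the backup drive."""
    root = Path(backup_dir)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def check_backup(backup_dir, manifest, max_age_days=7, now=None):
    """Return a list of problems; an empty list means the backup looks healthy."""
    root = Path(backup_dir)
    now = time.time() if now is None else now
    files = [p for p in root.rglob("*") if p.is_file()]
    if not files:
        return ["backup folder is empty or missing"]
    problems = []
    # Freshness alone is not enough: files rewritten by malware also look recent.
    age_days = (now - max(p.stat().st_mtime for p in files)) / 86400
    if age_days > max_age_days:
        problems.append(f"stale: newest file is {age_days:.0f} days old")
    for rel, digest in manifest.items():
        target = root / rel
        if not target.is_file():
            problems.append(f"missing: {rel}")  # deleted or renamed
        elif sha256_file(target) != digest:
            problems.append(f"changed: {rel}")  # contents rewritten in place
    return problems

if __name__ == "__main__":
    # Constructed sample data: a throwaway folder standing in for a backup drive.
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "photos.zip").write_bytes(b"constructed sample archive")
        manifest = build_manifest(d)
        print(check_backup(d, manifest))  # healthy backup
        (Path(d) / "photos.zip").write_bytes(b"overwritten contents")
        print(check_backup(d, manifest))  # reports the rewritten file
```

Run `build_manifest` right after a backup finishes and `check_backup` before you rely on that backup; a fresh manifest is needed after each new backup run.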