If you are a Windows user and open any url or email without verifying its authenticity, then you are at risk of getting your whole system data decrypted by a malware popularly known as “Ransomware”.
Now a days it is on rise in US and possible in India as well very soon. This malware will show you a personalize page stating that “You have violated some sort of federal law and your computer will remain locked until you pay the fine.” Or you may see a pop-up message telling you that your personal files have been encrypted and you have to pay ransom to get the key needed to decrypt them possible with some counter and details about how and where to pay the money.
Below images will show you how it looks like:
YOUR COMPUTER HAS BEEN LOCKED BY FBI
Or something like this with counter and other payment details
If you see any such unusual activities in your system then you are definitely one of its victim. Well. Once you pay the ransom, it’s not guaranteed that your system will not get infected again and you don’t have to pay ransom again.
Ransomware was seen in action for the first time in 2012 affecting Russian users and then it evolved by many names. Currently it is termed as “CryptoLocker 2.0” and Cryptolocker gang may be behind this notorious activities. FBI wrote about this in their official blog site.
CryptoLocker is a variant of ransomware and it appears to have been spreading through fake emails which looks like coming from legitimate companies or with some sort of job opportunities, packet delivery notification etc.
Ransomware doesn’t only target home users; businesses can also become infected with ransomware, which can have negative consequences, including:
- Temporary or permanent loss of sensitive or proprietary information;
- Disruption to regular operations;
- Financial losses incurred to restore systems and files; and
- Potential harm to an organization’s reputation.
Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.
Website owners should be aware of this malware also as they often try to get their site into Top of Google search page by using some Black Hat SEO techniques. They also need to be aware of any such tools which will show them some fake scan results of their computer system and prompting to buy “Fake Anti-Virus” which will remove all such infections etc. Below image illustrated it better.
Protect Your Computer from Ransomware
- Make sure you have updated antivirus software on your computer.
- Enable automated patches for your operating system and web browser.
- Have strong passwords, and don’t use the same passwords for everything.
- Use a pop-up blocker.
- Only download software—especially free software—from sites you know and trust (malware can also come in downloadable games, file-sharing programs, and customized toolbars).
- Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if you think it looks safe. Instead, close out the e-mail and go to the organization’s website directly.
- Use the same precautions on your mobile phone as you would on your computer when using the Internet.
- To prevent the loss of essential files due to a ransomware infection, it’s recommended that individuals and businesses always conduct regular system back-ups and store the backed-up data offline.
US-CERT has given solutions here to prevent and mitigate such issues.
FireEye claims to have an online tool to provide free keys to decrypt the system locked by this malware although I have not tested it personally and didn’t hear any other companies claiming for the same.