WHAT IT IS
Ransomware is a type of virus that encrypts your personal data and then demands money to decode (or unlock) it.
Encryption is how secret messages are coded and it's almost impossible to crack without the decode key- it would likely take years for a standard computer to crack the code.
The current ransomware is an enhanced version of one that appeared in late 2013.
HOW DID I GET IT?
Most commonly it is transmitted either by:
- Hacked websites that attack vulnerabilities in Java, Adobe Flash, Acrobat Reader, or Windows.
- Email attachments. A common email might say something like 'We tried to deliver a package but couldn't, see attached .pdf for information'. Really anything to get you to click on it. Always be wary of attachments on email.
WHAT IT DOES
- Encrypts all your files (documents, pictures, music, databases, archives, spreadsheets, etc) and adds a new extension (.exx, .ecc, .ezz usually)
- Affects ALL drives on the computer (including connected flash drives or mapped network folders)
- Deletes restore points
- Puts HELP_RESTORE_FILES.txt files in every affected folder
- Changes background to an image containing instructions to pay ransom
The instructions detail a complicated method of paying with bitcoin (online electronic currency) on a layered website or through Tor network.
WHAT DO I DO??
Security experts always recommend that you DO NOT pay the ransom (usually between $500 - $700). It's no guarantee that you will get a key to unlock your data at all, and you're rewarding criminals.
IF YOU THINK YOU ARE INFECTED WITH RANSOMWARE:
- Turn the computer off immediately
- Bring it in to us right away- don't wait. In some cases we can retrieve your data if we get to it quickly. Bring in any attached drives as well.
- Check other computers that had mapped drives on the infected computer
HOW CAN I PROTECT MYSELF?
- Take precautions online. Be wary of popups and unknown sites
- Keep software up to date, like java, shockwave, flash, and windows
- Have a good antivirus program with a current subscription
- Don't leave backup drives plugged into the computer