Think your computer may be the target of a virus or malicious software attack that seeks to extort money from you?
You are not alone. This kind of attack, usually known as ransomware, has become increasingly problematic in recent times, with computer users from hospitals and retail outlets to government institutions, universities and the average consumer (you) being targeted.
Ransomware (Ransom Software) is characterised by the deployment of malicious (damaging & harmful) software on your computer that restricts your access until you pay the ransom (hence the name). There are several variations of ransomware: some actually encrypt your documents, photos & valuable data, while others just make your computer unusable. When this occurs, it can be near-impossible to retrieve your documents using conventional means. As such, many victims cave in and pay the ransom, even though there is no guarantee that the restriction will be lifted or that the attackers won't increase their demands.
Mostly, these attacks come from fraudulent emails that look legitimate, but take you to another website or inject damaging software into your PC. Ransomware can get on your PC from nearly any source that any other malware (including viruses) can come from. This includes visiting unsafe, suspicious, or fake websites.
It also includes opening emails and email attachments from people you don't know, or that you weren't expecting (or were half expecting, with bad timing), and clicking on malicious or bad links in emails, Facebook, Twitter and other social media posts, and instant messenger chats like Skype.
So, what should you do if you’ve been the victim of ransomware or any phone or mail scam?
First and foremost, disconnect your laptop or desktop computer from your home or business network modem or router (assuming it's still connected) and then turn your computer off. Leaving the infected computer connected to your home or business network will place other connected computers and devices (including backup drives) at risk of infection. To isolate the damage, you must disconnect the infected computer from the network immediately.
Then report the incident to SCAMWATCH (ACCC Infocentre) on 1300 795 995, or from another computer that is not connected to your home or business network.
Running an anti-virus scan straight away may seem like a good idea, but to ensure the best possible outcome, please refrain from doing so and shut down your PC.
Please be aware that some types of ransomware may not allow you to shut down your PC using the normal Windows Shut-Down procedure. In this case it's best to shut down your computer manually, by pressing and holding the power button for at least 5 seconds.
Depending on the type of ransomware and the way in which it was deployed, running an anti-virus scan may hamper the reversal of the encryption (or lock) that was placed on your documents. This is because newer versions of ransomware use advanced cryptography that may only be reversed (decrypted) with the specific tools I use to determine the algorithm that was used to encrypt your files in the first place.
Even if your files have been encrypted and locked, and I wasn't able to reverse the encryption, you may still be able to retrieve them using the following methods:
1. Online & Offsite Backup using a Flash Drive or Portable Hard Drive that wasn't connected at the time of infection.
Chances are, if your backup device or drive was connected at the time of the infection, you will find that its files have become encrypted as well (unless you were lightning quick to turn everything off). Backups made through cloud solutions like Google Drive, OneDrive or DropBox will have become encrypted too.
What should you do if this is the case? Firstly, any PC that is using the same Google Drive, OneDrive or DropBox account should be turned off immediately, as the infected files in your cloud backup will shortly overwrite the local copies of those files on each PC. Also disconnect any backup devices immediately.
If you didn't have your portable backup device connected at the time and had recently done a backup, then the best course of action is for us to back up your entire hard drive, wipe your hard drive clean and restore a backup made before the ransomware attacked your PC.
2. No backups, or all infected? Email software like Outlook, Live Mail & Thunderbird may still contain sent & received documents (as attachments).
This is the last resort. Unfortunately, there is no guarantee whatsoever that your documents can be retrieved, even using all available and known methods. In this case, you may still be able to look through your emails and retrieve recent or old documents sent or received as attachments.
Okay, so let's say your PC is not infected by any ransomware. What steps should you take to ensure you always have a backup?
- Get yourself a Reliable Portable Backup Drive (Western Digital is great) – grab 2 and keep a less regular version backed up (or alternate between backups)
- Schedule regular backups to occur on certain days and times
- Only connect your backup device shortly before the backup, and once the backup is completed, disconnect the drive from your laptop or PC.
- It is tempting to leave the drive connected, but if your information is valuable, please ensure it is disconnected after each backup.
- Ask about regular Online Backup Solutions that I can set up for you.
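
One way to carry out the connect, back up, disconnect routine from the list above, added here as an example and not part of the original article. The function names, the `backup-<timestamp>` folder layout and the `manifest.json` file are assumptions; `verify_backup` also shows how to check that an older backup has not been changed before you restore from it.

```python
import hashlib, json, shutil, tempfile, time
from pathlib import Path

def sha256_of(path):
    """SHA-256 of a file, read in 1 MiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_backup(snapshot):
    """Return the files in a snapshot that are missing or no longer match."""
    snapshot = Path(snapshot)
    try:
        manifest = json.loads((snapshot / "manifest.json").read_text())
    except (OSError, ValueError):      # manifest gone or unreadable
        return ["manifest.json"]
    return [rel for rel, expected in manifest.items()
            if not (snapshot / "files" / rel).is_file()
            or sha256_of(snapshot / "files" / rel) != expected]

def make_backup(source, drive, stamp=None):
    """Copy source into a new dated folder on the drive and verify the copy."""
    source, drive = Path(source), Path(drive)
    if not drive.is_dir():
        raise RuntimeError(f"backup drive not connected: {drive}")
    snapshot = drive / f"backup-{stamp or time.strftime('%Y%m%d-%H%M%S')}"
    # Hash the originals first so the copy is checked against the source.
    manifest = {p.relative_to(source).as_posix(): sha256_of(p)
                for p in sorted(source.rglob("*")) if p.is_file()}
    shutil.copytree(source, snapshot / "files")   # never overwrites an older snapshot
    (snapshot / "manifest.json").write_text(json.dumps(manifest, indent=2))
    damaged = verify_backup(snapshot)
    if damaged:
        raise RuntimeError(f"backup failed verification: {damaged}")
    return snapshot

if __name__ == "__main__":
    # Constructed demo: temporary folders stand in for Documents and the drive.
    with tempfile.TemporaryDirectory() as tmp:
        docs, drive = Path(tmp, "Documents"), Path(tmp, "BackupDrive")
        docs.mkdir(); drive.mkdir()
        (docs / "budget.txt").write_text("constructed sample data")
        snap = make_backup(docs, drive)
        print("backup written to", snap.name, "- now disconnect the drive")
        (snap / "files" / "budget.txt").write_bytes(b"\x9f\x00 scrambled")
        print("changed since backup:", verify_backup(snap))
```

The manifest is stored on the same drive as the copy, so this check confirms that a backup is intact; it does not protect a drive that is left connected.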