By Alan Graner
What is ransomware?
Ransomware is an online extortion racket.
It encrypts your data, rendering your computer useless, unless you pay a ransom to unlock it.
“You’ve just opened a Web page or clicked a link in an email when your computer’s desktop goes gray. A browser window pops up with the FBI logo in the top left corner. Below it is a live webcam feed with a picture of someone’s face. You try to click away but find that your browser is locked. With a start, you recognize the face staring at you from the screen: It’s you.”
An official-looking message from the FBI or other legitimate organization informs you your computer has been locked because you’ve violated federal law. Common “violations” are claims that child pornography was found on your computer or that you’ve violated copyright laws by illegally downloading files.
To unlock your computer you must pay a fine.
How much is the fine? According to Sean Michael Kerner at InternetNews.com (http://www.internetnews.com/security/the-solution-to-ransomware-dont-pay.html), you can pay up to $460 per machine.
Symantec estimates up to 2.9% of people infected pay the ransom, allowing criminal gangs to extort over $5 million a year.
Even if you pay the “fine,” Lance Whitney at CNET warns (http://news.cnet.com/8301-1009_3-57548314-83/ransomware-a-growing-menace-says-symantec/), the malware remains and you still have to remove it manually.
Do not pay the fine
Supervisory Special Agent Herbert Stapleton states, “The FBI will never insist that you need to pay a fine to the FBI to unlock it. That’s not a law enforcement. So don’t provide any money, don’t provide any personal information if your computer is locked up by this type of malware.” (http://www.fbi.gov/news/podcasts/thisweek/reveton-ransomware/view)
If you are infected, the FBI urges you to file a complaint with the Internet Crime Complaint Center at www.ic3.gov.
Who’s behind ransomware?
Criminal gangs posing as legitimate organizations.
It’s believed it began with cybercriminals in Russia and other Eastern Bloc countries.
How are you infected?
According to Microsoft (http://www.microsoft.com/security/resources/ransomware-whatis.aspx), criminals install the malware when you open a malicious email attachment or click on a malicious link in an email message, instant message, social networking site or a malicious website.
How to avoid ransomware
Microsoft suggests these free solutions:
- Keep all software on your computer up to date.
- Keep your firewall turned on.
- Don’t open spam email messages or click links on suspicious websites.
- Download Microsoft Security Essentials (free) or other antivirus and anti-malware programs.
- Scan your computer with the Microsoft Safety Scanner.
How to remove ransomware once you’re infected
Symantec has published a solution, “Trojan.Ransomlock – Removal” for Norton users that’s available at http://www.symantec.com/security_response/writeup.jsp?docid=2009-041513-1400-99&tabid=3. (The process is too involved to reproduce here.)
The company also offers a free 16-page whitepaper—“Ransomware: A Growing Menace”—that details their investigation into multiple ransomware variants. You can download it at http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/ransomware-a-growing-menace.pdf.
Select Real Security also offers a step-by-step guide, “How to Remove Ransomware,” at http://www.selectrealsecurity.com/remove-ransomware.
For additional solutions I suggest you perform a web search.
If you’ve been infected by ransomware, we’d like to hear about your experience and how you got rid of it.
Image: SSgt. Renee Sitler
Alan Graner is Chief Creative Officer at Daly-Swartz Public Relations, an Orange County, CA marketing communications firm.