If you have not heard of the rampant computer virus/malware called "Ransomware", you will soon – but hopefully not by personal experience! As of the time of this writing, there are approximately 4,000 ransomware incidents per *day*, and the number is increasing all the time.
Yesterday's news changed everything with the Ransomware self-propagating worm (Wcry, WannaCry, WannaCrypt). From initial reports: over 75,000 machines in 100 countries were hit with this ransomware in about 24 hours, taking down hospitals, financial systems, etc. Thus, I feel compelled to make this blog post now; much of it was written weeks ago. (Although it appears this current outbreak has been stopped, this type of ransomware is guaranteed to continue.) (See money.cnn.com/2017/05/13/technology/ransomware-attack-nsa-microsoft and mailchi.mp/staysafeonline/greetings-and-updates-from-the-ncsa)
(Update: Ultimately there were over 200,000 computers infected, in over 150 countries. We got off easy on that one; there are some reasons I won't go into, but this should have, and could easily have been, over a half million computers.)
What is Ransomware?
Ransomware is malware that encrypts (scrambles) your computer files, making them inaccessible. You are then requested to pay money to get your files back (i.e. to pay a ransom). If you do not pay, you most likely will permanently lose access to all your files, including photos and documents.
How to defend against Ransomware?
You should follow the steps in my "Essential Security Practices" and "Simple Backup Strategy" documents on the www.ComputerSecurityNW.com website. :-)
1) Keep an updated backup of your data. (Make sure it is kept offline or in the Cloud, NOT on a hard drive that is always attached to your computer, or the backup may be encrypted as well.)
2) Run updated malware protection (antivirus)
3) Keep your software updated! (Operating system [e.g. Windows updates], Adobe Flash, Adobe Reader, Java, etc.) - (Subsequent Note: WannaCry would NOT have infected ANY computers if they were all patched with the regular patches released by Microsoft. Patching plugged the vulnerability used for this attack.)
4) Do NOT click on attachments you get by email! (Unless you know for a fact you were meant to receive it and it is free from infection.)
5) NEVER click on a link from a website that pops up on your screen telling you that you have a virus and you should "click here", and do NOT visit shady websites.
How do I know if I have Ransomware on my Computer?
Believe me, you will know. All your files will no longer be accessible and you will most likely have a big message on your screen that says something to the effect that, "Your files are no longer accessible. Please follow these instructions and pay this amount to get your files back." (See an example of this message from the last link in the Resources area below.)
How to Recover from a Ransomware Event?
Regardless of your security practices, it is still possible to get ransomware through various means (too many to talk about here).
SO, the most important thing (as mentioned above) is to have a current backup of your data. If you have a backup, then you can reload the operating software on your computer and then restore your files! You are good to go.
If you don’t have a backup, then your options are:
(1) Determine what kind of ransomware was installed on your computer. It is possible that a decryption key exists that will let you get your files back for free! (See if your files can be decrypted for free at the first link in the Resources area below.)
(2) Pay the ransom (which may be a little complicated since you typically need to do that in Bitcoin) and HOPE that you are given the correct information to get your files back without being extorted for more money. There is no guarantee crooks will be honest!
(3) Say goodbye to all your files, photos, documents, spreadsheets, movies, etc. Rebuild your computer from scratch and move on with your life without these files.
NOTE 1: In order to recover from a ransomware event, you may need to get technical help (either from a professional or a friend/family-member); don't hesitate to email me or ask someone you know for help.
NOTE 2: You may need to make some decisions fairly quickly, as some versions of ransomware will start deleting your files within 24 hours if you do not pay, or may say you only have 3 days to pay or the files will be gone forever. They want you to panic and pay up without taking time to think clearly.
Please ask if you have further questions.
Resources
No More Ransomware: www.nomoreransom.org (This is a place that can help you determine if you have a ransomware version that can be removed for free!)
Ransomware Prevention Advice: www.nomoreransom.org/prevention-advice.html
"Remove ransomware infections from your PC using these free tools": www.zdnet.com/article/remove-ransomware-infections-from-your-pc-using-these-free-tools
See the screen/message of a computer with ransomware here: "This ransomware is now one of the three most common malware threats": www.zdnet.com/article/this-ransomware-is-now-one-of-the-three-most-common-malware-threats
Why did the WannaCry ransomware spread?
1) It was a self-propagating worm. Once a machine was infected, it infected other machines on the network without any human action needed.
2) According to Troy Hunt, "It's because you didn't upgrade or patch your things!"
“You know how people say you should keep your software up to date, right? Hello? The eternal problem is that for individuals, there's often the attitude of "well it works fine, why should I change it?" and this is enormously dangerous.” www.troyhunt.com/everything-you-need-to-know-about-the-wannacrypt-ransomware/