Posted on 8th June, 2014
In case you live in a cave somewhere, #ransomware has become a very profitable enterprise for a group of criminals from the (predominantly) eastern bloc.
I am currently in the process of recovering the data from a laptop infected with Cryptowall – the latest very nasty iteration of this #extortionware. The “IT guy” at this woman’s office told her she would “lose everything” and they would have to reinstall her computer from scratch to fix the problem.
The malware locks you out of your data until you pay the ransom ($500 in this case). Your files still exist and look like they always did. However, they have been encrypted so that they can no longer be opened with the original application. JPG files cannot be opened. Documents cannot be opened. PDF files cannot be opened.
There is the remote possibility you can clean the infection off the computer and activate the Shadow Copy function to restore your files that Windows automatically backed up. It’s a long shot, as the sleazy individuals who wrote this malware also thought of this and these files are usually encrypted as well. It’s a very long shot.
How did she get into this mess in the first place?
These infections are distributed in one of two ways.
1: emails with bogus links that direct you to infected web servers which in turn infect your computer.
2: “Malvertising” – Internet ads that redirect you to these same infected servers. Lately, the biggest risks have come from ads on Facebook, awkwardfamilyphotos.com, the guardian.co.uk and Disney. There are many others.
What can you do?
1: Never open a link in an email before verifying its destination. If necessary, contact the sender first and ask whether they intentionally sent it to you.
2: Do NOT click on popup ads from any site. If you see an ad for something interesting, do a Google search for the company and look for the item that way.
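For point 1, a mail admin or helpdesk can automate part of the "verify the destination" step. The sketch below is an added example, not something from the original post: it parses an HTML email body and flags links whose visible text names one host while the `href` goes to another, or whose `href` points at a raw IP address. The function names and the sample body are hypothetical.

```python
import ipaddress, re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a hostname or URL.
HOSTISH = re.compile(r"^(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_link(text, href):
    """Return the reasons a link's real destination deserves a second look."""
    try:
        host = (urlsplit(href).hostname or "").lower()
    except ValueError:
        return ["unparseable href"]
    reasons = []
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address as host")
    except ValueError:
        pass  # host is a name, not an IP literal
    shown = HOSTISH.match(text)
    if shown and shown.group(1).lower() != re.sub(r"^www\.", "", host):
        reasons.append(f"text shows {shown.group(1).lower()}, link goes to {host}")
    return reasons

def scan_html(body):
    """Check every link in an HTML email body; return [(href, reasons)]."""
    collector = LinkCollector()
    collector.feed(body)
    return [(h, r) for t, h in collector.links if (r := check_link(t, h))]

# Constructed sample body (documentation-reserved name and address).
SAMPLE = ('<p>View it at <a href="http://198.51.100.7/s/login">www.mybank.example/statements</a> '
          'or read the <a href="https://www.mybank.example/help">help page</a>.</p>')
```

The host comparison is exact apart from a leading `www.`, so a legitimate link that goes through a tracking or redirect subdomain will also be flagged for review.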