28/01/2017
Hello all, I am seeing more and more computers encrypted/infected with ransomware. What is ransomware? Some of you may have heard of it, but for those who haven’t, here is a very brief explanation. Ransomware encrypts all of your files using RSA-2048 so they become unusable, including but not limited to photos, videos and documents. All those baby photos and videos you have become useless, and getting them back… well, this is where it becomes interesting. Why? Because of how it works: you download a file or open up that innocent-looking email, and in no time flat all your files are encrypted. What you have left is a ransom note, either on your desktop with instructions on what to do, or every file you try to open redirects you to a website asking you to pay a ransom. It varies depending on which version of ransomware you have been infected with, but the end result is exactly the same: they want your money, and the privilege of getting your files back can cost you anything from $200 to $17000.
A little more on how it works: once the “root kit” has been executed, it encrypts your files and deletes the original files (the ones that worked), turns off System Restore and does a system clean (empties the bin, among other things), so there is no chance of turning your system back to the last good restore point. While it’s doing all of this, it’s talking to a rogue computer on the net, generating two security keys. One is called the public key, which will be in the ransom letter on your computer; the second is called the private key, and this key is what unlocks your files and makes them usable once again.
If you are unlucky enough to have this happen, you have a few options:
• The first one is to decide what you have lost and ask, “Do I really care if it’s gone?” (This is the best outcome.) Great, I just reformat the hard drive, reinstall Windows and various other things, and move on.
• So, you have decided you require the files that were on your computer. First, I or any other tech worth their salt can analyse the computer and see if the files can be recovered without paying the ransom.
• OK, your tech can’t help you and you’re going to pay the ransom. I’m not saying don’t do it, just remember you are dealing with criminals and it’s up to them if they want to send you the private keys. They might, but I wouldn’t hold my breath. They may try to extort more money from you; if this happens, and I know it has, you’re never going to get the keys to unlock your files.
If you’ve taken the time to read this, I thank you. So here’s a warning: external USB devices that you may use to back up your files, and NAS devices, are not safe if they are plugged into your computer or network and are turned on. Depending on the variant of ransomware you get, these will be encrypted as well, at the same time as your computer.
Buy a good anti-virus; free doesn’t mean good. Even think about a wingman for your anti-virus application. There are lots of things we can do to protect ourselves from such threats. If you need advice, please give me a call.