Ransomware is a type of malware which blocks access to your computer – and demands that you pay a ransom to the virus creator to remove the blocks.
A common example in 2012 was Reveton – often known as the ‘Police virus’ or ‘Ukash’ (the name of the payment service used to monetize the scam).
Reveton claimed to be from a law enforcement agency and blocked Windows from starting unless you paid a ‘fine’ – for supposedly downloading illegal content. Fortunately, ransomware like this only blocked Windows startup and was quite easy to remove – once it had gone there were no lingering after effects.
However, Sophos reports a new variant of ransomware which doesn’t block Windows startup – it encrypts your personal files, making them permanently unreadable: “On infection, the malware searches for specific types of files (using a list of over 110 file extensions; .doc, .jpg, .pdf, etc), encrypts them, and renames the now unreadable file with a .BLOCKAGE extension”.
Unless you pay the malware creator, your files remain encrypted.
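The behaviour described above (files matching a target extension list are encrypted and renamed with .BLOCKAGE) gives a defender two cheap indicators to look for on a suspect machine: files that now carry the ransom extension, and files whose extension is intact but whose content no longer starts with the header that format should have. The script below is an added illustration and is not code from the original post or from Sophos; the list of watched extensions and magic bytes is a small assumed subset (the full 110-entry list is not on the page), the entropy threshold is an assumed heuristic, and the sample directory it scans is constructed inline.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extension the write-up says is appended to files after encryption.
RANSOM_EXT = ".BLOCKAGE"

# Assumed subset of targeted formats, mapped to the bytes a healthy file
# of that type starts with (the real malware's 110-entry list is not on the page).
MAGIC = {
    ".pdf": b"%PDF",
    ".jpg": b"\xff\xd8\xff",
    ".doc": b"\xd0\xcf\x11\xe0",  # legacy OLE2 container used by .doc
}

# Assumed threshold: AES ciphertext is close to 8 bits/byte; it is reported
# only as supporting evidence because compressed formats are also high-entropy.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the given buffer (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_tree(root):
    """Walk root and return a list of findings: {path, reason, entropy}.

    reason is "renamed" for files carrying RANSOM_EXT, or "header-mismatch"
    for a watched extension whose leading bytes are not the expected magic.
    """
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        head = path.read_bytes()[:4096]
        if path.suffix.upper() == RANSOM_EXT:
            findings.append({"path": str(path), "reason": "renamed",
                             "entropy": round(shannon_entropy(head), 2)})
            continue
        expected = MAGIC.get(path.suffix.lower())
        if expected is not None and not head.startswith(expected):
            findings.append({"path": str(path), "reason": "header-mismatch",
                             "entropy": round(shannon_entropy(head), 2)})
    return findings


def build_sample_tree():
    """Constructed sample directory: one healthy .doc, one healthy .jpg,
    one file already renamed to .BLOCKAGE, and one .pdf whose content has
    been replaced by random bytes (extension intact, header gone)."""
    root = tempfile.mkdtemp(prefix="ransom_demo_")
    docs = Path(root) / "Documents"
    docs.mkdir()
    (docs / "letter.doc").write_bytes(MAGIC[".doc"] + b"Dear Sir,\n" * 200)
    (docs / "scan.jpg").write_bytes(MAGIC[".jpg"] + b"\x00" * 512)
    (docs / "photo.jpg.BLOCKAGE").write_bytes(os.urandom(2048))
    (docs / "report.pdf").write_bytes(os.urandom(2048))
    return root


if __name__ == "__main__":
    for f in scan_tree(build_sample_tree()):
        print(f"{f['reason']:16} entropy={f['entropy']:.2f}  {f['path']}")
```

The rename is the reliable indicator; the header check catches files the malware has overwritten but not yet renamed, and the entropy figure is printed only as context, since a genuine JPEG or compressed PDF will also score high and must not be treated as encrypted on entropy alone. Running it against a live machine is a triage step, not a cure: as the post says, a match means restoring from backup, not attempting decryption.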
Previous examples of encrypting ransomware used weak encryption methods which antivirus companies were able to break – and provide victims with the key required to decrypt their files. However, this new variant uses AES-256 ‘military grade’ encryption which is considered impossible to crack.
Put simply, if you are the victim of this particular ransomware encryption, you can kiss all your files goodbye – nobody except the malware creator is going to be able to decrypt them. The best solution would be to ‘nuke and pave’ – erase the hard drive, reinstall Windows and restore your documents from a backup (hopefully you do have a backup…)
[Obviously it is not recommended to pay the malware creator as they probably wouldn’t give you the key to unlock the files anyway – like a blackmailer they could just ask for even more cash, and then more again when they see how desperate you are – plus, you’ve given your payment/identity details to a criminal…]
This is just one variant of ransomware but due to its clever encryption techniques there is a good chance it will be copied by other malware creators in future.
As well as following all the usual guidelines on how to avoid virus infections in the first place, the unique nature of this threat (permanent loss of all your personal data) requires extra precautions to mitigate the impact:
1. Backups
Make regular backups of your personal data – see how to back up files and remember to include less obvious data like Favorites/Bookmarks and email.
2. External hard drive – best practice
If you use an external USB hard drive for backups, do not leave it switched on and plugged into your computer (or the mains power) all the time – only connect it up when you need to make/restore a backup.
If left plugged in, this type of ransomware would encrypt your external drive too – before you realize what has happened, all your backup files would become just as useless as the documents on your computer’s hard drive.
Regardless of ransomware, it is always best practice to leave an external backup drive unplugged (preferably in another room or location) – to protect it.
If left plugged in or connected via a USB lead, there is a chance that the external drive could be damaged by a major power surge or lightning strike – at the same time as the internal drive in your PC, leaving you with no backup at precisely the time when you most need one…
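The two points above (back up regularly, and do not let a compromised machine write over the only good copy) can be partly enforced in the backup job itself: refuse to run when the source already shows the .BLOCKAGE indicator, so encrypted files are never copied over the last clean backup, and record a hash manifest so a restore can be verified before it is trusted. The script below is an added example, not code from the original post; the directory names, the manifest filename and the refusal rule are assumptions, and the home folder and external drive it uses are constructed temporary directories.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

RANSOM_EXT = ".BLOCKAGE"       # indicator described in the post
MANIFEST = "manifest.json"     # assumed name for the hash list kept beside the backup


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def source_looks_encrypted(src: Path) -> bool:
    """True if any file under src carries the ransom extension."""
    return any(p.is_file() and p.suffix.upper() == RANSOM_EXT for p in src.rglob("*"))


def backup(src, dest):
    """Copy src into dest and write a SHA-256 manifest.

    Refuses to run if the source shows ransomware indicators, so the
    previous good backup on the external drive is not overwritten.
    """
    src, dest = Path(src), Path(dest)
    if source_looks_encrypted(src):
        raise RuntimeError(f"refusing backup: source contains {RANSOM_EXT} files")
    manifest = {}
    for p in src.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(src)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(p, target)
        manifest[rel.as_posix()] = sha256_file(p)
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify(dest):
    """Return the relative paths whose backup copy is missing or no longer
    matches the manifest; an empty list means the backup is intact."""
    dest = Path(dest)
    manifest = json.loads((dest / MANIFEST).read_text())
    return [rel for rel, digest in manifest.items()
            if not (dest / rel).is_file() or sha256_file(dest / rel) != digest]


def demo():
    """Constructed run: a clean backup verifies, a damaged copy is reported,
    and a source containing a .BLOCKAGE file is refused."""
    work = Path(tempfile.mkdtemp(prefix="backup_demo_"))
    src, dest = work / "home", work / "external"
    (src / "Documents").mkdir(parents=True)
    (src / "Favorites").mkdir()          # the "less obvious" data the post mentions
    (src / "Documents" / "cv.doc").write_bytes(b"curriculum vitae\n" * 50)
    (src / "Favorites" / "bookmarks.html").write_text("<a href='https://example.org'>x</a>\n")

    manifest = backup(src, dest)
    clean = verify(dest)                                   # expect []
    (dest / "Documents" / "cv.doc").write_bytes(b"garbage")  # simulate a damaged copy
    damaged = verify(dest)                                 # expect ["Documents/cv.doc"]

    (src / "Documents" / "cv.doc" + "").with_suffix(".doc.BLOCKAGE") if False else None
    (src / "Documents" / "cv.doc.BLOCKAGE").write_bytes(b"\x00" * 16)  # constructed indicator
    try:
        backup(src, dest)
        refused = False
    except RuntimeError:
        refused = True
    return {"files": len(manifest), "clean": clean, "damaged": damaged, "refused": refused}


if __name__ == "__main__":
    print(demo())
```

The script cannot make you unplug the drive; what it can do is make the copy step cheap enough to run every time the drive is connected, and make a restore verifiable, so that a backup that has itself been tampered with or partially encrypted is noticed before it is trusted. Where the destination is a removable disk, a sensible extra guard is to check `os.path.ismount(dest)` before writing, so the job never silently backs up into a folder on the internal drive when the external one is not attached.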
Conclusion
The type of encryption used by this latest ransomware is game over as far as the victim’s personal files are concerned – unless they have a good recent backup their files are basically gone for good.
We always recommend backups for disaster recovery, e.g. theft or hard drive failure, but this threat adds one more reason to back up regularly – and keep backups away from the computer when not in use.