Be aware, your data could be taken hostage.
By Klaus Fuechsel
This warning is meant to be scary. Just like most computer owners, I store a lot of things on my private computer, including over 10,000 scans of old slides, photos, and family data. Some content is heirloom documents older than a hundred years old. In addition, I have begun recording hundreds of vinyl records from my collection in order to be able to play them safely via iTunes and Alexa. To make a long story short, there are over 2 terabytes of personal data on one of my drives, which I definitely do not want to lose.
What is an Encryption Virus?
Recent cases of the “encryption virus” (also known as ransom ware) that I have had to deal with for my clients in the company make me very nervous. How would you feel, if one day you saw a pop-up message that stated all your personal files were encrypted?
What does this even mean? In this case, the encryption virus “Cryptolocker 2.0” has managed to encrypt your usable data (not the operating system) with military-grade technology and demanded payment of half a bitcoin.
The hackers that caused the damage are asking for a ransom payment to decrypt your files. Should you pay? The half a bitcoin can’t be that much, right? Did you know that in January the bitcoin exchange spiked to $1,100 per bitcoin? Ouch.
So you might think you have no choice but to pay it. But wait; have you ever seen a bitcoin before? This is unlikely, because bitcoins are mainly digital, existing in an online “wallet.” This is an account set up on a secure third-party website. To pay the ransom, you would have to set up an account, pay with a credit card to convert money to bitcoins, then transfer the bitcoins to an online address in the “Dark Net” (a side of the internet that can not be traced or controlled).
By the way, the IRS might contact you to find out what transaction you are making with bitcoins because this currency has been abused by tax evasion experts. Once you have paid in bitcoins, you should get the decryption key in return, but there’s no guarantee. Once you have paid, the money is gone; it’s untraceable and there’s no way to get it back. If you paid too late (sometimes there’s an expiration date by which the money has to be paid) you may get nothing in return. Another possibility is that the police may have taken down the server with the decryption keys, in which case you would still get nothing.
How Does Bad Encryption Happen?
So how can you prevent such a virus attack? Don’t open emails and click links from senders you do not know, or emails from someone you do know but look strange or seem “off” in some way. Lately, the attacks (sometimes called spear phishing) have stemmed from fake emails from “Fedex” luring you into opening the email and clicking on a link (known as the origination link).
Clues to Infection of Your Computer
You may not realize right away that anything has happened since your computer will continue to work more or less normally. You would not notice a change, other than that the system is a bit slower and is always busy doing something (for instance, the hard drive light may be constantly blinking). At this point, the infection is in the computer and has begun encrypting files. This might take minutes or days, depending on the amount of data. A clue that your data is being encrypted would be the names of files being changed to something like “picture.crypto.” The virus will be creating extra files with each encrypted directory on the hard drive.
Once the virus can’t locate any more files to encrypt, it pops up a bit screen like the (FIRST) above image. At this point, you could pay the ransom, but this is not recommended since this encourages the criminals). Hopefully, you have a good backup of most of your data. The worst case scenario is that your backup files or drive were encrypted as well. Note that putting your data into the cloud does not keep it absolutely safe. Your Google drive was probably busy synching those encrypted files right into the Cloud.
What to do if you have a problem
Since encryption viruses are a new “breed,” a widespread release of them would be a real catastrophe, impacting our personal lives, businesses, and the economy. A computer belonging to one of my clients was held hostage against payment of 3 bitcoins for his ton of data! He has decided to wait it out, hoping that a decryption key or algorithm might be discovered sooner rather than later. I sincerely hope he’s lucky. Some encryption viruses (usually the older versions) contain flaws, which enable a computer expert to decrypt the data more easily. Police have taken some servers down and obtained “decryption codes” that might be helpful in the event your data is encrypted. I also recommend checking the “Ransomware Decryptor” from Kaspersky to see if they have found a key or solution to your specific encryption virus. Unfortunately, the virus creators are getting smarter and smarter, so expert tricks like “restoring from the shadow copy” may not work anymore. In bad infection cases, a Windows reinstall and a data transfer of cleaned data would be required to restore your system to normal.
Backing Up Data is Important
Don’t let bad encryption happen to you. The best way to prevent this kind of damage is with solid, updated antivirus protection and caution in opening emails and clicking links in emails or elsewhere on the web. Store, and/or regularly backup your data to multiple external physical hard drives that you disconnect after each backup, and employ a backup scheme that keeps multiple versions of files so you are able to restore an older unencrypted version if ever necessary. If you have seen a decryption virus pop-up, or are worried that your computer is infected in this way, take it to a computer repair and virus removal professional.