RansomWare

What is it?

Ransomware is a type of malware. Typical malware will infect your computer with the aim of enslaving it to a hacker on the internet. That hacker can then use your computer as they see fit. Examples include:

  • capturing images from your webcam
  • recording your keystrokes
  • recording the websites you visit
  • sending fake email (with more malware) to your contacts
  • telling your computer to attack a web site (as part of a Denial of Service operation)

Ransomware, however, is different. Once it has a hold of your computer, it starts silently encrypting all your files with a key that only the hacker knows. So where your latest draft.doc was, there is now only a jumble of random characters.
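The “jumble of random characters” is exactly what gives encrypted files away: a healthy document has a recognisable header and fairly low byte entropy, while an encrypted one has neither. The script below is an added example (not part of the original post) that screens a folder for documents that look encrypted. It assumes the well-known format headers listed in MAGIC and uses a constructed sample tree built with os.urandom standing in for the ransomware’s output; the 7.5-bit threshold is an assumed rule of thumb.

```python
import math
import os
import tempfile
from collections import Counter

# Format headers for a few document types: Office 2007+ files are ZIP archives,
# PDFs start with "%PDF", legacy .doc files start with the OLE2 compound-file header.
MAGIC = {
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".pptx": b"PK\x03\x04",
    ".pdf": b"%PDF",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
}
# Extensions the scan looks at; .txt has no header, so it is judged by entropy alone.
DOC_EXTS = tuple(MAGIC) + (".txt",)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for one repeated byte, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: str, threshold: float = 7.5) -> bool:
    """A document that has lost its format header, or whose bytes look random, is suspect."""
    with open(path, "rb") as f:
        head = f.read(1 << 16)  # the first 64 KiB is enough to judge
    expected = MAGIC.get(os.path.splitext(path)[1].lower())
    if expected is not None:
        # Known type: trust the header. ZIP-based Office files are compressed and
        # therefore have high entropy even when perfectly healthy.
        return not head.startswith(expected)
    return shannon_entropy(head) >= threshold


def scan(root: str) -> list[str]:
    """Walk a folder and return sorted, root-relative paths of documents that look encrypted."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(DOC_EXTS):
                full = os.path.join(dirpath, name)
                if looks_encrypted(full):
                    hits.append(os.path.relpath(full, root).replace(os.sep, "/"))
    return sorted(hits)


def build_sample_tree() -> str:
    """Constructed sample data for this demo: two healthy documents, plus the same
    two after a simulated ransomware pass (os.urandom stands in for the cipher output)."""
    root = tempfile.mkdtemp(prefix="ransom_demo_")
    text = b"Meeting notes: agree the budget, then review the draft report.\n" * 40
    samples = {
        "ok/notes.txt": text,
        "ok/draft.doc": MAGIC[".doc"] + text,
        "hit/notes.txt": os.urandom(16384),
        "hit/draft.doc": os.urandom(16384),
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    for hit in scan(build_sample_tree()):
        print("looks encrypted:", hit)
```

Treat the output as triage rather than proof: compressed or media files under an unfamiliar extension (archives, photos) also score near 8 bits, and many ransomware families rename the files they encrypt, so a sudden crop of unfamiliar extensions is as telling as the entropy figure.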

The encryption is reversible, but only if you pay the ransom that the hacker demands. Here’s what the “WannaCry” ransomware looks like; it was made famous in May 2017 when it launched around the world, crippling most NHS hospitals/practices.

Timers

The hacker will also use two tools to put pressure on you when this happens. First, while they might want $300 in bitcoin to unlock your files, they will also prominently display a countdown, usually two or three days, after which they will double the ransom to $600.

Second, they will also display a second timer, usually a week, after which your files will be locked forever.

As far as I know, both timers are “real”, insofar as if you exceed them, their effects are genuine.

What happens if I’m affected?

That depends. Do you have a backup of all the files that you care about on the affected computer? If so, at least you have options. You can re-install your operating system (or pay someone to do so), then restore your files. Or, you can try to remove the malware with an anti-malware tool, then restore your files.

If you don’t have a backup, your options are limited. You could pay the ransom and get your files back, and that’s certainly what the hacker wants out of this. However, two things to bear in mind:

  1. You’re funding criminal behaviour. I know that this might not matter much if you’re desperate to get baby/wedding/graduation pictures back, or a 50K word draft, but there it is.
  2. You’re still infected. So if you pay the ransom, the hacker may well give you a day, a week or a month… but the malware is still on your computer and it will start up again and put you back at square one, encrypting all your files all over again.

Beyond this, your only other option is to write off the affected files, re-install your operating system (or have someone do it for you), and chalk it up as a lesson learned. The encryption used in most ransomware is industry standard – there are no silver bullets to be had here. If you want your files back, you either restore a backup, or pay the ransom.

Before paying the ransom

The main thing to note here is that ticking time-bomb I mention above. If you’re going to pay the ransom, make sure you have a large (say 32Gb) USB key handy. When you pay the ransom, hopefully your files will indeed unlock. When they do so, plug in your key, copy them immediately, then remove the key again.

If you leave the key in, and the malware starts encrypting files, it will also encrypt those it finds on the key. Make sure you remove the key when you’re not actively copying files to it!

Once you have all your files on your key, put it somewhere safe, then take your computer to a specialist to have the operating system wiped and re-installed.

Note that you might pay the ransom and not be given a key, or the key fails to decrypt your files. If that happens, you’ve been doubly had and there’s absolutely nothing you can do about it. Your bitcoin transaction will be long gone, and you still have no way to decrypt the files. Ultimately, you’re dealing with a criminal and you take your chances if you go down this road.

How do I pay?

I’d strongly suggest that you don’t! But if you must, you’ll have to obtain a Bitcoin wallet and purchase some Bitcoin. This is an online-only currency that uses a technology called Blockchain to transfer money around the internet anonymously. Currently, one bitcoin is worth around £1300 (May 2017).

You’ll need another computer, temporarily. Also, since you don’t have a huge amount of time, you’ll probably want to use an online wallet instead of downloading wallet software to your temporary device. However, when you do this, you MUST store (with pen/paper if necessary) the wallet’s URL. If you lose the URL, you lose your money!

More information on the Bitcoin WIKI.

So, basically, use one of the online services to create a wallet, store its URL, then use one of the currency sites to buy the necessary amount of Bitcoin into that wallet. Finally, you can process a transfer, using your online wallet site, from your wallet to the ransom’s wallet.

I don’t have a backup, but I have Dropbox!

That’s better than nothing, but remember the way that Dropbox works: when it sees a new version of a file on your computer, it will instantly start uploading that file to your Dropbox account. That means that when the ransomware was encrypting your files, Dropbox was syncing the newly encrypted files too. So when the malware activates its doomsday message and demands payment, you will likely find that all your Dropbox files are also encrypted!

Luckily for you, Dropbox does keep a version history. Even better, the Dropbox support desk offers an option to roll back all your files to a point in time – but you’ll have to contact the support desk to do so (there’s no option for you to do this yourself). Otherwise, you’ll have to tediously click on each file you want restored, choose “Revision History” and then roll the file back to the unencrypted version.

Can I stop this happening in future?

Not with 100% certainty, but you can reduce the chance of it affecting you:

  1. Run an anti-malware tool. I recommend Avast, as it’s free, low-impact and simple, but anything, even the much-maligned McAfee or Norton, will be better than not having one at all.
  2. Have a backup! Update it regularly! Keep it on a USB key separate to your computer.
  3. Use Dropbox or an equivalent.
  4. Combine #2 and #3! Take a backup, then store it on Dropbox!
  5. Don’t click on links you don’t recognise. Even if they’re from a friend, that friend may already have fallen victim to malware.
  6. Read the dialog boxes that pop up on your computer! If you double click on a word document (especially if it’s an attachment in an email) and it pops up a box that says “this document has macros enabled”, then you’d better be happy to accept a portion of responsibility when that macro turns out to be ransomware and starts encrypting your computer! The pop ups are (usually) there for a reason.
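Points 2 and 4 above, and the warning earlier about leaving the USB key plugged in, share one practical problem: how do you know a backup is still intact? The script below is an added example (not the author’s own tooling) that takes a dated snapshot of a folder, records a SHA-256 manifest alongside it, and later verifies the snapshot against that manifest, so a copy that was silently encrypted while the key was connected is detected rather than trusted. The sample documents and the simulate_encryption helper are constructed for the demo; the snapshot layout and manifest file name are assumptions.

```python
import hashlib
import json
import os
import shutil
import tempfile
import time

MANIFEST = "MANIFEST.json"  # assumed name for the per-snapshot hash list


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large documents do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def _walk_files(root: str):
    """Yield (root-relative path with '/' separators, absolute path) for every file."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root).replace(os.sep, "/"), full


def make_snapshot(src: str, backup_root: str, label: str = "") -> str:
    """Copy src into its own dated directory under backup_root and write a manifest.
    Every run creates a new snapshot; earlier ones are left untouched, which is what
    lets you roll back to a copy taken before the infection."""
    label = label or time.strftime("%Y%m%d-%H%M%S")
    dest = os.path.join(backup_root, label)
    shutil.copytree(src, dest)
    manifest = {rel: sha256_file(full) for rel, full in _walk_files(dest)}
    with open(os.path.join(dest, MANIFEST), "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return dest


def verify_snapshot(snapshot: str) -> list[str]:
    """Return the relative paths whose contents no longer match the manifest
    (changed or missing). An empty list means the snapshot is intact."""
    try:
        with open(os.path.join(snapshot, MANIFEST)) as f:
            manifest = json.load(f)
    except (OSError, ValueError):
        return [MANIFEST]  # manifest missing or unreadable: treat the snapshot as suspect
    bad = []
    for rel, digest in sorted(manifest.items()):
        full = os.path.join(snapshot, rel)
        if not os.path.isfile(full) or sha256_file(full) != digest:
            bad.append(rel)
    return bad


def build_sample_source() -> str:
    """Constructed sample data: a few documents in a temporary folder."""
    src = tempfile.mkdtemp(prefix="mydocs_")
    files = {
        "docs/draft.doc": b"Chapter 1: it was a dark and stormy night.\n" * 50,
        "docs/budget.csv": b"item,cost\nlaptop,900\nbackup key,12\n",
        "photo.jpg": b"\xff\xd8\xff\xe0" + bytes(range(256)) * 8,
    }
    for rel, data in files.items():
        path = os.path.join(src, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return src


def simulate_encryption(snapshot: str, rel: str) -> None:
    """Stand-in for malware overwriting a file on a backup key that was left plugged
    in: the file is replaced with random bytes. Constructed for the demo only."""
    with open(os.path.join(snapshot, rel), "wb") as f:
        f.write(os.urandom(4096))


if __name__ == "__main__":
    src = build_sample_source()
    snap = make_snapshot(src, src + "_backups")
    print("fresh snapshot problems:", verify_snapshot(snap))
    simulate_encryption(snap, "docs/draft.doc")
    print("after tampering:", verify_snapshot(snap))
```

Run verify_snapshot before you restore from a key that has been anywhere near the infected machine; the manifest only proves the snapshot matches what was copied at the time, so take it while the source files are still readable.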

What about Macs, or Linux?

Macs use an operating system called OSX, while Linux powers many different operating systems, the most popular of which is called Ubuntu.

Neither is affected by WannaCry, which is Windows only.

There are two reasons, in my opinion, that both Mac and Linux-based operating systems are rarely affected by malware:

  1. Put together, these operating systems represent only around 5% of the world’s PC estate (that is, any device that isn’t a server – Ubuntu has a gigantic footprint in the world’s server estate). From a hacker’s perspective, then, it makes sense to target Windows in order to secure the biggest return rate.
  2. Windows, as an operating system, is built on convenience and that leads to weak security.

Examples of point #2 are rife:

  • Windows: Executable files can be downloaded and run.
    Ubuntu: You must explicitly enable execution after download.
  • Windows: Software is downloaded from all over the internet.
    Ubuntu: Nearly all software comes from a maintained repository, like a store.
  • Windows: Security patches don’t apply until after a reboot.
    Ubuntu: All patches apply immediately, with the exception of kernel updates.
  • Windows: Allows one-click escalation to administrator privileges.
    Ubuntu: Password must be typed to enable administrative operations.

Microsoft has been plugging various security holes for years now, but the underlying core principles of its operating system will always work against it.

That doesn’t mean you all have to go out and buy Macs, but as the biggest target on the internet, you should definitely exercise more care on Windows than you might with the alternatives.

How do I get Ubuntu?

If your PC or laptop has been ransomed and you want to try something new, you certainly have nothing to lose by trying out Ubuntu. Canonical, the company behind Ubuntu, sell USB sticks for only £6 which have Ubuntu pre-loaded on them and which you can use to try it out. Buy a stick, put it in your computer and press F11 as it starts, then choose the USB key to boot from. Ubuntu will load up, and after test driving it for a while, you can choose to install it on your PC directly – follow the 8-step installation instructions to replace Windows on your device with Ubuntu. The whole process takes around 30 minutes and the first time you start it up, it will probably need another half an hour to update to the latest patches. Thereafter, patches will usually take around a minute or two to apply and generally happen in the background without impacting your work at all.

Ubuntu supports many popular desktop services, such as Dropbox, Spotify, Discord, Steam, Skype and more. For the software it doesn’t support, there are plenty of alternatives. For example, while you can’t run Microsoft Office on Ubuntu, you’ll have free access to Writer (replaces Word), Calc (replaces Excel) and Impress (replaces PowerPoint), and each of these can open Office documents with near-perfect accuracy. Ubuntu comes with the Firefox browser, but you can install Google’s Chrome with a couple of clicks if you prefer.

Ubuntu is free and all its updates are similarly free. I’d recommend sticking to the LTS (long-term support) releases – if you decide to install interim releases, you’ll have to update every 9 months and that’s a little too frequent for my liking.

Scaine has written 15 articles
