A King’s Ransom

The Real Cost of Ransomware

Recently, two WebWeaver clients had their devices infected with ransomware – malware that secretly installs a cryptovirus on your computer and then demands a ransom payment to decrypt your data. It can be as simple as locking the system and displaying a message asking for payment to unlock it (Wikipedia). It’s a nasty one to get rid of.

One WebWeaver client very nearly lost all his business data in such an attack in December, and shared his experience with us. He also gives some helpful recommendations on how to get rid of the virus once you’ve been infected.

“My secretary got the ransomware by clicking on a link in an email that purportedly led to an online invoice / proof of payment (can’t remember which). The ‘virus’ encrypted all data type files, but not system or program files. So the computer and programs kept running, but the data was not accessible. Her desktop screen was replaced by a message, asking her to download certain software, go to a particular site and pay a ransom in Bitcoin (equivalent to about $700 or so).

  • First thing to do: Don’t PANIC.
  • Second thing: Don’t pay the ransom – the evil men behind this scheme don’t decrypt your files, even after you’ve paid the ransom.
  • Every change you make to your hard drive from now on will wipe out critical data. So don’t download any software, don’t do ANYTHING with that PC.
  • On another PC, download the software to clear the infection onto a USB stick. HitmanPro is one of the better ones, but it costs. Malwarebytes is free, but not 100%.
  • Put the USB into the affected PC and run it from the USB. Do NOT install it on the hard drive.
  • Once clear of the attack, you need ShadowExplorer or (better) Recuva to recover your files to a USB (again, NOT to the hard drive of the affected PC). This way, you can recover somewhere between 60 and 80% of your files.

It is essential to back up your files regularly to TWO mass storage devices. In my case, our USB backup was also encrypted. If we had had a second USB (which we rotated on a regular basis and did not keep plugged into the PC), we would not have had the issue.

Also, having your important files on Dropbox helps since you can recover them quite easily (although it takes a while to get attention from Dropbox support). Your Dropbox files can only be recovered within 30 days, so hurry with that.

The virus propagates via networks, so all PCs on the same network are prone to attack.

RansomFree is the best free protection against ransomware out there. Install and run it.”

Ransomware made headlines a few days ago, bringing a US library to its knees. It targets big and small alike. Our advice? Don’t click on links or attachments you aren’t sure of, whether in email or on social media. For more reading on preventative measures, see the Microsoft article on ransomware.