I was wondering when it would happen…that I would get a call from someone who had their files “ransomed”. What does that mean? Well the newest and greatest form of virus is ransomware…and it’s big business now. And they like to focus on businesses. They know that businesses can not afford to lose their client data…and they bank on that, and they quite often win.

Well, it happened today. And I felt bad for the guy.

What is ransomware? It’s a virus that installs one (or more) forms of ENCRYPTION on your computer, encrypts ALL your files so that they can not be opened without the decryption key, and it’s VERY effective. Some forms of ransomware can be decrypted, but there are some that can not. If your computer gets ransomed, you have only a couple of choices…

1. Pay the $500 or more to get the key and get your files back. If you want to do this, do it. Because once you start messing with trying to recover the files, you might lose the ability to decrypt…so think carefully about this. If you have no backup of your files, and you really need your files, and you can afford it, you should probably pay the money. It’s going to cost you maybe 1/3 to 1/2 that for an I.T. guy to remove the virus, and attempt to recover, and it may not even be possible. (though if you do, you should definitely get the machine cleaned after you get your files back!) You could possibly get a hold of the hacker, and try to negotiate a lower price I suppose, It’s worth a shot. I don’t know it’s successful or not.
2. You can remove the virus…to make sure no further files get encrypted, and start fresh…with the understanding that there is a 50% chance you will permanently lose your data. Every ransom attack is different. There are more than 1 ransom viruses, and some can be dealt with, and some can not.
3. You have a backup, and can restore it…GREAT! LET’S DO IT! Give me a call if you need help.

Some things to do once you know you have been hacked:

  1. Disconnect the internet! this can prevent cloud drive files from being synced to newly encrypted files, and being changed also if you have Google drive, or One Drive, or any other cloud account, and can prevent the virus from reaching other machines on the network.
  2. After you get the name of the ransomware package, write down the info, and SHUT DOWN THE MACHINE. Don’t use it. Don’t go on the network. Don’t install anything. Don’t do anything until you call a tech, or do some research on the internet on your particular ransom virus (from another computer)
  3. if you are going to try to remove it, download some help: Malwarebytes, Shadow Explorer, Norton Security (get a trial if you need to, they give you 30 days!)
  4. Often ransomware encrypts by way of making a copy, encrypting it, and deleting the original. Sometimes you can get originals back with deleted file recovery programs, like Recuva…which is an excellent program. System restore and Shadow Explorer will try to recover shadow copies created with system restore. If system restore doesn’t work, you can try to use ShadowExplorer.

If you haven’t been hacked yet, PROTECT YOURSELF!

  1. You should have a good security SUITE installed on every computer you own. If you don’t, shame on you! I can’t help you much if you don’t care enough to even try to protect yourself. I personally recommend Norton Security, it has the LEAST effect system resources (slowing down your machine) and it’s very good protection. And yes, you need the FULL SUITE of protection, firewall, virus scanner, real time protection…all of it, NOT JUST AN ANTIVIRUS PROGRAM. Malwarebytes is a good secondary protection. It will run alongside Norton just fine…and every time a new version releases, you get another 15 days of real time monitoring with it, (then it switches to manual scan mode, unless you purchase the pro version) …but 15 days of real time, 5 or 6 times a a year is fine for free, since you have another security suite, right? (yes) There is a 3rd program you can run alongside if you want, to protect specifically against ransomware, and it’s called CRYPTOPREVENT.
  2. Make sure SYSTEM RESTORE is TURNED ON and THAT YOU HAVE ENOUGH STORAGE SPACE FOR RESTORE POINTS! Depending what version of Windows you have, right click on either My Computer, or This PC (windows 8-10) and click on PROPERTIES. Then click on System Protection, select the drive you want to configure and then click CONFIGURE. You should turn on system restore for you operating system drive/partition, and any data partitions/drives you have. And you should also make sure that around 10% of the total drive space is allocated for restore points. (if you have system restore turned on, but have 0% space allotted to store restore points, it’s useless, as nothing will be written to the drive in way of a backup)
  3. BACKUP YOUR DATA. Cloud backup services are “ok” …for backing up files, but they won’t restore an entire drive image, operating system, and installed programs…it will only give you files. And it’s risky, because if it runs all the time, there is a chance those files also become corrupt when they sync with your machine. You should do regular full system drive imge backups with a backup program such as either Acronis True Image or Aeomi Backupper, or EaseUS Todo Backup . Do a FULL drive image backup at LEAST once a month (or incremental/differential if the software has that capability) If you do inc/diff backups, only do about 3 or so…but every 90 days at least, do a new FULL backup. Note, when doing backups, if you are using EXTERNALS USB HARD DRIVES, these will fail eventually. They have moving parts. They get hot. Especially if they run all the time, they will fail.. I myself use plain hard drives…if your desktop has storage for more hard drives, put a backup drive right in your machine. You can also use hard drives with a docking station, which is both cheaper, and more reliable than external drives. If possible, use flash storage: either flash drives (if you find one large enough) SSDs, or even SD cards can be used to store files, and they are typically more reliable. If you do use external hard drive, don’t leave it running all the time, and if you do need it to run all the time, get a new one every 18 months at least, sooner if you can afford it. Or, just store backups in more than one place. If you ever need one of your backups, you will be glad you have more than 1 to choose from. You really can’t be too anal about this stuff, trust me.

Anyway, that’s the skinny on ransomware. If you have questions, comment below, or contact Everything I.T. on the contact page (or just CHAT, we do that also) and we’ll give you hand!