Beware of Ransomeware
So what is ransomeware anyway?
Well according to Google, ransomeware is “a type of malicious software designed to block access to a computer system until a sum of money is paid.” How it blocks access can vary from simply keeping a message covering your entire screen so you can’t easily reach your desktop icons to encrypting your entire hard drive. The good news is that, in most cases, it’s pretty easy to avoid. However it does take some vigilance on the part of the user.
I have antivirus software. How does this junk get on my machine?
Interestingly enough, the two most common ways both involve–get this–being invited by the user.
- The first and most common way is by opening an unexpected email attachment. I know what some of you are thinking: “I never open attachments from people I don’t know, only ones from my friends and family”, and that’s great. NEVER open attachments from anyone you don’t know, but notice I just said unexpected, with no qualifications. What if your friend’s computer has become infected with a virus or malware, and it’s not your friend but the as-yet-undetected infection that sent you the attachment? What then? If it’s from a friend but you weren’t expecting it, don’t open it until you talk to your friend and verify that he/she actually sent it. Do you have to do that with every picture they send? Of course not. Some people send pictures all the time. If you put your mouse over the attachment in the email and the little pop up info box verifies that it is indeed a .JPG or other type of picture file, then you’re probably fine. However if it seems like a picture but the file name ends with .EXE or something other than a picture extension (e.g. .JPG, .GIF, BMP), you’ll probably want to just delete it. For other types of files, Adobe Acrobat (.PDF) MS Word, Excel (.DOCX and .XLSX), Powerpoint (.PPTX), etc., if you’re not expecting it, call to verify. These files can contain malicious code that can execute when the file is opened.
- Then second most common way is by landing on an infected, hacked, or malicious website. Often these sites will display either a message box or a full screen window that won’t go away unless you click something on it, which is what they want you to do, or until you kill the web browser. These boxes and windows usually show a message, sometimes accompanied by a sound clip, telling you you need to either call a displayed number or worse click a link, in order to pay to get your machine back. In these cases you computer is usually still fine UNTIL YOU CLICK WHAT THEY WANT YOU TO CLICK. When you click, you’re inviting the malicious code to execute on your machine. If you see one of these messages, DO NOT CLICK ANYWHERE ON IT, EVEN THE X TO CLOSE. If you can still see your taskbar at the bottom of the screen, right click the web browser’s icon (IE, Firefox, Chrome, etc.) and select Close. If the program won’t close, right click an empty area of the taskbar, select Task Manager, find the web browser in the list of running programs, click it to highlight it, and click the End Task button at the bottom right. Once your browser has closed, you’re probably in the clear, but it would still be a good idea to run a manual full virus scan.
What can I do if I’ve already opened the attachment or clicked on the link?
If you think an infection has made it onto your system, first and foremost DO NOT REBOOT! These days the more you reboot, the more entrenched an infection can become. You’ll want to shut the system down only when you’re ready to bring it to be professionally cleaned. When you do shut it down, just press and hold the power button in for 4 or 5 seconds until the system turns off. This should bypass the shutdown code, code which the infection may have rewritten to help entrench itself. If you live in the DTC area, you can give us a call. We’ll let you know what our workload is like and how soon we’d be able to look at your machine. If you don’t live near DTC, we suggest asking friends and family who they trust to fix their computers. Personal recommendations often are more reliable than website reviews.
Centennial, CO. 80122