Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Ransomware: How do you prevent it from happening?

Dec 19, 2014 7:40AM PST
Question:

Ransomware: How do you prevent it from happening, and if you were held up, do you pay?


I've been seeing a lot of news headlines about ransomware, which I think is when a hacker gets into your computer and puts a lock on it so that you can't do anything on it and demands a payment of a specific amount or else your computer will remain locked or will be wiped clean. Am I correct or is there more to it? This has me a bit concerned. Even though my computer doesn't hold top-secret materials, I still don't want to get caught in this mess. So how would one go about preventing this type of ransomware from being attached to my computer? Is an antivirus program good enough to keep this from happening? If not, what should I have installed to prevent this? And out of curiosity, if this were to happen to you, where your computer was held up for ransom, would you pay up? Why or why not?

--Submitted by Steven H.

ransom???
Jan 10, 2015 12:10AM PST

I back up everything, every day, on two external drives!!! The ransom they ask for is probably more than what it would cost me to get another computer!!!

Linux is not the answer
Jan 10, 2015 3:24AM PST

I noticed several people thinking that they're safe because they use Linux. Think again. The latest ransomware threats target all platforms. Windows, Linux, Mac, Android and iPhone are all targeted and susceptible.

(NT) Have you found the answer?
Jan 10, 2015 3:26AM PST
Actually, you *should* pay the ransom
Jan 10, 2015 3:33AM PST

If you've been infected by CryptoLocker or one of its variants, your data *is* encrypted and there is no possible way you'll ever get it back without paying the ransom.

Of course it would be great if we all backed up our data regularly, but occasionally people forget for whatever reason. And for people in that situation, ransomware can be devastating. From what I've read, the ransom ranges from $200 to $500.

In some cases you might be able to find utilities online that allow you to decrypt your files without paying. But if you've invested hundreds of hours of work into your data, it's not worth screwing around trying to find a way to save a couple hundred bucks. Pay them, and get your valuable files back (according to articles on CryptoLocker they do provide an encryption key to people who pay).

I see a lot of tough guys here saying "don't pay them" -- but if taking that advice causes you to lose a ton of precious data, it's not great advice.

true
Jan 10, 2015 10:02AM PST

I've mentioned this before, but from what I've read, such hackers are quite good about restoring your data once paid. I guess it only makes sense. If they didn't, word would get out fast and no one would ever pay. It's not right, of course, but if that were the only option, what else would one do?

How much is your data worth?
Jan 11, 2015 5:44AM PST

I recommend that you spend a few dollars now so that you don't have to give the kidnappers hundreds when they encrypt your data. Get a good, multi-copy off-line backup in place so you can thumb your nose when they come after you. Otherwise, I know my data would be worth a couple of hundred dollars to get back. Be realistic. After following this thread, I switched my cloud backup today because the free one I was using would overwrite my careful backup automatically before I could do the restoration. For $15, I now have a year of peace of mind.

For those of you who think you can get everything back with an excellent virus remover, think again. You may be able to root out the program that scrambled your data, but you'll never get the data back without an off-line backup. This is serious stuff.

Be sure cryptolocker cannot access your cloud drive.
Jan 11, 2015 1:49PM PST

I believe I've read that it can, especially if you have an app installed to access it. I hope I'm wrong, but that is how my memory serves me.

cloud drives are particularly safe for this
Jan 11, 2015 10:50PM PST

It's really not a big deal if the files in your cloud drive were to become encrypted. Most (all?) cloud services keep incremental backups of your files for 30 days or so. If any files are changed, encrypted, or even deleted, you can always retrieve the previous version; actually, all previous versions for the past 30 days.

(NT) That is good to hear!
Jan 12, 2015 9:12AM PST
One solution
Jan 10, 2015 10:32AM PST

When I was infected by ransomware and couldn't do anything on my machine, I went to my backup computer and did a little research. Discovered this was a big problem. They wanted $100 to release my machine, but even after I paid the $100 the ransomware would still be there. A program called Spyhunter 4 was recommended which I downloaded and installed. It cost me $40, a lot better than $100, and it not only cleaned off the ransomware but found some other stuff it got rid of. Good luck.

Back Up Your Data
Jan 10, 2015 9:38PM PST

I didn't see an answer about data.

Back up your data often so if something bad happens, you can always start over. I use Carbonite, which automatically backs up your data continuously. It's worth the small fee.

virus
Jan 11, 2015 2:51AM PST

I use Linux and still got the FBI virus once; it freaked me out since I had never had one before. Finally fixed it. It reset the browser to load their website page at startup. If you start the browser you can't do anything else, since it removes all buttons and you can't get off of that page to do anything else. Windows would be harder to deal with since Explorer is used to look at files too, so you couldn't access anything. Whatever you do, don't pay these ********.

you did not get it
Jan 11, 2015 5:55AM PST

You did not get it; you just happened to open the page with it and some scripts affected the browser, that is all. Once you shut the tab or browser you were okay. I have run across FBI and other ransomware pages many times while in Linux. If you had actually been infected, you would not have been able to do what you did.

Couple of Solutions to the asked Question
Jan 11, 2015 5:37AM PST

I've read the posts for this topic and while the first question has been answered regarding prevention, the second question has not been answered sufficiently, at least to my way of thinking, other than a few "pay if you want to but I wouldn't". The theory is that anything encrypted by a virus is unobtainable without paying the fee and that is simply not the case. Two companies, FireEye & Fox IT have banded together to help those infected with Cryptolocker by starting this website, https://www.decryptcryptolocker.com/ which will help you obtain the master key in case of infection. This was a great story in an issue of CPU the magazine a few months ago so I'm surprised that no one mentioned it as an option.

Here's my take on getting infected. Blackmail is what this is and if you pay the fee you have no way of knowing if something will be left behind to infect your system and the chances of it happening again, and again, and again are high because you have proven to be a good source of income.

Good luck!

Looks like a great tip...
Jan 11, 2015 7:22AM PST

I've heard that NAS drives could be susceptible if their OS isn't kept up to date, but this is the first I've heard of a recovery option/chance. Hope to never need it, but it's bookmarked just in case. Ta.

I had seen that about DeCryptoLocker
Jan 11, 2015 10:22AM PST

But I hadn't mentioned it because, from my research, that is only good for Cryptolocker and none of the many other similar strains of Encryption Attacks. And so far, of the 5 people I have spoken with or encountered with an Encryption Attack, only 1 was actually CryptoLocker.

has anyone
Jan 12, 2015 2:50AM PST

set up a site to have passwords recorded that were given to those who paid? It might be the same password for all of them, or a number of passwords that work to unlock the encrypted stuff.

A (remote) possibility ?
Jan 12, 2015 6:18AM PST

Hi James,

Your question reminded me of S!ri Urz, who used to publish codes to unlock Windows. It was back when Rogues were at the forefront. Circa 2007? 2008?

I'm short on time, so I only gave it a quick Google to see if the site still existed. I tend to doubt you'll find what you're looking for, but it might be a good place to start.

Check the left side of the page here http://siri-urz.blogspot.com/search/label/Ransomware

Only an example http://siri-urz.blogspot.com/2011/07/anti-malware-lab.html

Nothing ventured. Nothing gained...
Carol

(NT) thanks
Jan 12, 2015 9:05AM PST
Decryptolocker.com Won't Work For Everyone..
Jan 11, 2015 3:43PM PST

While I still contend that it is next to impossible to recover from malicious encryption, the Decryptolocker.com website offers help for a limited number of people that were hit with earlier versions of the encryption. As part of a law enforcement operation, there were a large number of encryption keys that were seized from a rogue group which were responsible for some of the early attacks. This site will attempt to match your encrypted file against one of the known keys. If they can find a match, you can get the encryption removed. Otherwise, you are still out of luck.

Decryptolocker.com is a very well intended effort to help but they DO NOT reverse generate the keys. Encryption attacks from sources other than the original attacks are not going to use the same keys and as mentioned earlier, there is not enough computing power available to reverse engineer the correct key.

The answer lies in prevention efforts and not in after-the-fact cures.

How to prevent this, and other Windows issues
Jan 11, 2015 12:32PM PST

Switch to Linux!! You'll be surprised with the speed and functionality, on top of the lack of trouble with viruses and other malware. Imagine turning your machine on and using it, instead of going for a cup of coffee while it boots. Imagine shutting down your machine in 10 seconds with no "waiting" for new updates to slow your computer down more! Why people continue to put up with this garbage is unimaginable to me. I want to get work done using my computer, not spend all my time and money fixing a ridiculous operating system. Heck, when it is messed up real bad you can't even boot the machine. I can always boot off a live CD or thumb drive if anything bad ever happens. I think people that use Windows as their primary OS are crazy. If you must run Windows for something, run it in a virtual box on your Linux machine. At least that way you can keep a working snapshot of it any time something needs to get changed or updated, so you won't be dead in the water.

Oh, and no matter what your OS is, don't be stupid and install every little piece of garbage you find on the internet. And never let Internet Explorer get on the internet; you're begging for trouble.

My $0.02

Another Solution
Jan 11, 2015 7:04PM PST

Telling people to switch to Linux does not help the person who has already been infected! I was infected 3 or 4 times. Twice I was able to close the browser before it fully loaded. Problem solved. The other times it was locked, I rebooted. Still locked, so I did a system restore. My computer has a restore point you can create. I am sure others do too. I create one every few days. Then when I was hit, I restored. The computer goes back to an earlier time using the restore point you created.

It helps those who....
Jan 12, 2015 9:10AM PST

....listen and follow the advice after the first time, instead of becoming infected several more times.

Ransomware
Jan 12, 2015 8:36AM PST

Customers bring me these all the time. I just pull the hard drive, hook it up to my computer via USB, and run Malwarebytes, Avast, and Microsoft Security Essentials (only Avast is active on my machine, but I keep the others on-but-shut-down for these situations). I do a lot more afterwards, but that should get you back up and running. You can pick up a SATA and IDE to USB rig for under $20.
Why are so many people overcomplicating this?

You are oversimplifying
Feb 15, 2015 6:42AM PST

The procedures you are suggesting may indeed get rid of the virus, but they will not restore your data files, which have been encrypted and are no longer accessible.

That's where your backup comes in.
Feb 15, 2015 6:47AM PST

Dafydd.

As long as it is not connected..
Feb 15, 2015 11:36AM PST

If at the time of the attack your backup target is connected, CryptoLocker will encrypt it too. I've read reports on respected sites that state it can even find all cloud backups unless you use Carbonite as a cloud solution. Don't get me wrong, I don't use it, but I do pull out my plug-in backup drive after every backup so it is NOT connected if and when this could happen to me.

cloud is usually safe
Feb 15, 2015 12:36PM PST

As mentioned before, depending on the provider, your cloud backups are usually safe. Many (most? all?) cloud services provide incremental backups that would be immune to such encryption. For example, Dropbox saves EVERY past version of your files for 30 days. Only the latest is "visible", so if a file were encrypted you could just roll back to the previous, unencrypted version.
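The rollback the two "cloud is safe" posts describe, modelled as an added example (not from the thread or any provider). It assumes a versioning store that appends every write and prunes versions older than a 30-day window, and shows the caveat the posts leave implicit: if the encryption goes unnoticed past that window, the clean version is pruned and rollback fails.

```python
from datetime import datetime, timedelta

RETENTION = timedelta(days=30)  # assumed retention window, taken from the 30 days quoted above


class VersionedStore:
    """Minimal model of a versioning cloud drive: every write appends a new
    version; nothing is overwritten in place, so a ransomware write lands on
    top of still-intact earlier versions until retention prunes them."""

    def __init__(self):
        self._versions = {}  # path -> list of (timestamp, bytes), oldest first

    def write(self, path, data, when):
        self._versions.setdefault(path, []).append((when, data))

    def read(self, path):
        """What the sync client shows: only the newest version."""
        return self._versions[path][-1][1]

    def prune(self, now):
        """Drop versions older than the retention window, always keeping the newest."""
        for path, versions in self._versions.items():
            keep = [v for v in versions if now - v[0] <= RETENTION]
            if not keep:
                keep = versions[-1:]
            self._versions[path] = keep

    def rollback(self, path, before):
        """Latest version written strictly before `before`, or None when
        retention has already discarded every pre-incident version."""
        candidates = [d for t, d in self._versions[path] if t < before]
        return candidates[-1] if candidates else None


def recover_after_encryption(noticed_after_days):
    """Constructed scenario: a document is synced on day 0, ransomware
    overwrites it with ciphertext on day 10, and the owner notices
    `noticed_after_days` days later. Returns True if rollback restores it."""
    store = VersionedStore()
    day0 = datetime(2015, 1, 1)
    original = b"quarterly report, plain text"
    store.write("docs/report.txt", original, day0)
    incident = day0 + timedelta(days=10)
    store.write("docs/report.txt", b"\x8f\x1a\xc3 (constructed ciphertext)", incident)
    store.prune(incident + timedelta(days=noticed_after_days))  # provider housekeeping
    return store.rollback("docs/report.txt", before=incident) == original
```

Noticing within the window (day 15) recovers the file; noticing at day 35 does not, because the only clean version is now older than 30 days.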

Backup better be offline or in the cloud.
Feb 19, 2015 10:58PM PST

Getting your data back is the most difficult and critical part of the process. I'm sure your customers have mentioned this to you or their problems aren't really ransomware.

Look up ransomware
Feb 15, 2015 9:08AM PST