Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support


Ransomware: How do you prevent it from happening?

Dec 19, 2014 7:40AM PST
Question:

Ransomware: How do you prevent it from happening, and if you were held up, do you pay?


I've been seeing a lot of news headlines about ransomware in which I think it is when a hacker gets into your computer and puts a lock on it so that you can't do anything on it and demands a payment of a specific amount or else your computer will remain locked or will be wiped clean. Am I correct or is there more to it? This has me a bit concerned. Even though my computer doesn't hold top-secret materials, I still don't want to get caught in this mess. So how would one go about preventing this type of ransomware from being attached to my computer? Is an antivirus program good enough to keep this from happening? If not, what should I have installed to prevent this? And out of curiosity, if this were to happen to you where your computer were held up for ransom, would you pay up? Why or why not?

--Submitted by Steven H.


All about Ransomware, Effects and Prevention
Jul 1, 2015 4:58AM PDT

Yes, you are right: if your system gets infected with a ransomware program, then it will encrypt the files stored in your system and lock your desktop until you pay ransom money to the hackers. If you really want to stay safe, just turn on auto update for all your software, especially your anti-virus and anti-malware.

Note: commercial link removed by moderator.

Post was last edited on September 28, 2015 1:52 AM PDT

You sure about that link?
Jul 1, 2015 12:54PM PDT

WOT is blocking it as a suspicious site - but then I guess the crooks may have down voted it.

Prevention only is not enough
Jul 1, 2015 1:18PM PDT

Your preventive approach is important, but it is naive to think you can always protect yourself. You need to prepare for the worst, as threats always evolve. In my case, that means multi-version automatic cloud backups. If the worst happens, I can go back to the previous backup if necessary.

You may not be able to prevent but you should be backing up
Jul 2, 2015 10:56AM PDT

I use a junk computer to access the internet. The more virulent malware doesn't wait for you to go to an infected web site or click on something stupid in an email. They will attack your computer whether or not you are using it. A university in the Midwest USA connected a computer to the internet and turned it on. The computer was re-imaged after 24 hrs and the process was repeated. After 50 tries the quickest infection was 7 seconds after start up and the slowest was 15 seconds. The computer suffered dozens of infections in 24 hrs. This was years ago; now the attacks are far more frequent today.
Unless you have invested tens of thousands of dollars on an industrial strength firewall, you can't keep them out. I have a junk computer that I re-image monthly to keep it somewhat free from malware. What people don't understand is hackers are no longer someone in jeans and a dirty t-shirt. The successful ones make in the top 1% of the world's salaries. They do not sit at a computer and try to sneak into your computer. They are very high-end database programmers. They write applications that scan computers for your OS, your security software etc. This is stored in a database along with your IP address. When they figure out how to break through your defenses, a computer infects your computer in a second or 2. The infection will have a unique viral signature so no AV software will find it unless it does something overt like hold your computer for ransom. (Server Side Polymorphic Malware). Once your computer is infected it will behave normally. It will scan everything on your hard disk and send back anything the hacker wants. It will also monitor all your internet activity, recording CC information and login information. There is far more profit in spying on you than breaking your computer. I believe the only time stealth malware becomes noticeable is when multiple malware infections contend for the same resources.

The botnet will also be put into service finding and/or infecting more computers. These botnets could be as large as hundreds of millions of computers. Just before Server Side Polymorphic Malware became the dominant malware, a 30 million zombie botnet was uncovered. Back then the more zombies in your botnet, the more likely it would be discovered on someone's computer. This kept the size of botnets relatively small. Now there is nothing stopping a botnet from infecting most poorly protected computers in the world. I would rate any home computer, mine included, as poorly protected.

Cites
Jul 2, 2015 6:56PM PDT

Do you have any citations for this?

I think if this were really happening on a wide scale then it would have been all over the tech news.

The "infected in seconds" stories I've heard of have all been machines with no firewall protection.

Actually he is correct..
Sep 2, 2015 12:51PM PDT

Although it doesn't take thousands of dollars to get a good UTM appliance to keep the buggers out; there are many reasonably priced brands that can fit that specification. It is actually no secret that "crackers" can get into any router that has a firmware vulnerability, or that has the WAN side administrative portal improperly configured. You generally don't see much discussion on the issues unless you are reading ZDNet or Krebs on Security, or watch the security news on The Register. Once inside your router they can reflash the firmware, or turn on your computer using the PXE technology, and as a lot of folks have found out from nation state bad actors, pretty much do what they want using similar techniques on any computer attached to the LAN.

However, the blended defenses necessary to minimize this threat are too lengthy to go over here in this discussion. So I will avoid cluttering up the pages in this thread trying to go over it all.

Of course, it's possible
Sep 2, 2015 6:06PM PDT

Of course, it's technically possible for the router to be compromised, and then, the computers behind it.

I was asking for citations to back up his claim that every Windows box, whether behind a firewall or not, is compromised within 15 secs. I suspect the median time is probably closer to 15 mins for an unprotected computer.

And, I'm sure it happens that some users configure their router to open WAN admin privileges with default passwords. But, I suspect that's rare. Few users technical enough to configure their routers are at the same time clueless enough to not set up at least a semi-decent password.

And, again, that's different than every consumer router being easily compromised in seconds, and, therefore useless for protecting a home network.

Drake Christensen

The thing is, that's not how I'm seeing compromised things
Sep 2, 2015 6:28PM PDT

1. http://dilbert.com/strip/2014-05-19 nails it. Folk fall for it over and over.

2. Free software. Almost all download sites are now full of "installers" that add bad things, toolbars and more.

3. App stores are not any better. Microsoft is and the last time I looked, not the place to get the app you are looking for. Just try to find a clean Calculator app on Google's Play store.

When it comes to crackers...
Sep 3, 2015 12:42AM PDT

they got a million of 'em! (ways to compromise) Cool

Other OSs??
Jul 2, 2015 11:20AM PDT

It used to be the rare OSs were not targeted as much as the Microsoft computers. That is not the case any more. All PCs, Microsoft, Apple or a version of Unix, use the same underlying computer so only the highest level of code needs to be OS specific. The OSs are more or less the same regardless of what you might like to think.
An attack probably targets a specific OS, the version, the patch# and any specific security the computer might have. If I was a hacker, Apple would be my favorite target because the users are low tech and are often less apt to take a computer into the shop if it is acting up. My wife's cousin had an obviously massively infected computer and would not take it into the shop. She claimed if it was infected someone would be using her credit card info. A few months later someone did. Hackers attack Unix computers as well. They are not fearful to do so.

ransomware needs to be a campaign issue in 2016
Sep 1, 2015 6:12PM PDT

we need to make this a campaign issue in all elections in 2016, it should be a capital crime for all who work at the company, if it's another country it should be an automatic trigger as an act of war, massive carpet bombing of all infrastructure should begin within 72 hours if all involved are not handed over to the u.s i, obviously we can't bomb russia or china, but even allies, and for russia or china, crushing sanctions, this is really a national security issue

ransomware is threat to national security make it a campaign
Sep 1, 2015 6:37PM PDT

ransomware is a threat to national security, it could lock up important energy grids, defense, banking, anyone involved in the act even the person answering the phone should be sent to a supermax prison, tried and executed, if it's a foreign nation, russia, china, crush them with sanctions, any other nation, ally, foe, enemy, should be given 48 hours to hand in all involved, any info stolen/used to operate, or we should start carpet bombing 1 day continuously for every minute after the 48 hour kind grace period we provide,
also call congressional/senate white house switch board (google it) it is easy and elected officials do get the messages, then send the guilty wrapped in duct tape and drop them off by parachute, over Aleppo, with #isis sucks branded on their foreheads, the problem will stop quickly

also enough ppl calling it will become a campaign issue 2016

We need a "this is not helpful" button
Sep 2, 2015 5:49AM PDT

For posts like this

Folks discuss things.
Sep 2, 2015 5:57AM PDT

Are you writing that you want no discussion?

Not no discussion
Sep 2, 2015 9:06AM PDT

He didn't say delete it. He just wants to mark a particular post for being a bit off the deep end.

OTOH, if he wants that sort of functionality, there are other forums, such as Slashdot and Reddit.

BTW, I agree with you that pushing for more government intervention is likely a cure worse than the disease.

Glad you see where Gov's miss the mark.
Sep 2, 2015 9:31AM PDT

CNET Forums have a forum for Forum Feedback. I think the lack of a thumbs down is that this forum is going to be a bit more friendly.

-> http://www.cnet.com/forums/forum-feedback-announcements/

The forums are weighted towards discussions and views but once in a while you have a new member that wants "solutions." I've seen folk that get very upset when ideas on a problem such as a cranky PC are rebuffed by the PC owner as "that's not it" with more text telling folk they are not interested in ideas but want a solid fix. I'm a little amazed when that happens.

"I'm from the government and here to help you."
Sep 2, 2015 6:17AM PDT

some people get hit crossing a street
Sep 2, 2015 6:35PM PDT

but let's not ban cars on roads and outlaw crossing the street without a crossing guard being supplied. People make mistakes. We have to accept that. Going unguarded or without knowledge of how to safely cross the street is asking to get hit.

The outdoors is dangerous. Canada closes park.
Sep 2, 2015 6:48PM PDT