Spotlight on alarming growth in ransomware and your best chances of dealing with it: Internet Scambusters #713
Ransomware, which locks down victims' PCs until they pay the ransom, is costing Americans tens of millions, maybe even hundreds of millions of dollars every year.
In this special issue, we give a quick rundown of how the crime works, detail the latest variants and explain the choices you have if you fall victim.
We also have a warning about a new piece of malware targeting users of the messaging app WhatsApp.
Now, here we go...
Ransomware Rockets - and So Does the Ransom Charge
Every year, two or three well-known and established scams suddenly go ballistic, and this year it's the turn of ransomware.
In fact, one security software firm has dubbed 2016 "The Year of the Ransom."
You possibly know what this horrible scam is all about by now. We've certainly warned about it before in our Special Issue on Ransomware.
But just in case you're a newcomer, let's recap.
First, you download a piece of malware or your computer gets hacked, and the next time you switch on, there's a pop-up -- or even your whole screen is occupied -- with a message saying your PC has been locked. You can't access anything else.
It's easier to fall victim than you might think. For instance, in one of their latest tricks, crooks send out a spam message saying, "Your package has been delivered." If you click on the accompanying attachment, you're done for.
Often, the ransomware message is accompanied by a totally phony statement claiming you've been accessing illegal websites, and there may be official-looking logos for organizations such as the FBI and government departments.
Sometimes, the malware actually does plant pornographic images on victims' computers as supposed proof of the crime.
Under the guise of this "official" action, the message imposes a "fine" that you have to pay to unlock your device and make your system and data accessible again.
Because it's really just a bunch of crooks behind the message, you have to pay your "fine" by wiring the money to an untraceable destination, or using the Internet currency known as Bitcoin, or possibly through the purchase of prepaid debit cards for which you're required to hand over the cards' code numbers to the crooks.
All of that is bad enough, of course, but even if you pay up, there's no guarantee the scammers will unlock your machine. You may never see your data again unless you had it backed up.
Various ransomware programs are currently being offered for sale on the "dark web," the part of the Internet where criminals (among others) operate.
The FBI calls it a "prevalent and increasing threat" and says victims paid out more than $24 million last year to unlock their computers. That's likely only a fraction of the true sum, though, since many victims never report the crime.
We've seen estimates as high as $300 million and that's because ransomware has even started infiltrating businesses and other organizations.
In one famous case earlier this year, data including health records at a hospital were frozen until it paid the ransom, reportedly $17,000.
Furthermore, crooks have upped the ransom payments from $10 or $20 a couple of years ago. Today $150 to $500 is typical, sometimes with a threat that the "fine" will be doubled or your disk will be wiped if you don't pay within 24 hours.
The big question, of course, is whether you should pay the fine at all.
The FBI says a definite "No!" to businesses but is less prescriptive for individuals.
After all, if you haven't taken appropriate precautions, how else can you stand a chance of getting your system back?
It seems opinions are divided on this decision, with some leading Internet security firms recommending against paying.
We can't tell you what to do because it depends on so many factors and it's such a personal issue.
But we would suggest that if you decide to pay, you should only do so if you're sure there's no other way you can get your system back.
Microsoft has made a free tool available which is worth a try -- Windows Defender Offline.
But it's a long shot that only works if your PC hasn't really been locked but infected by a less severe program called "scareware" that merely pretends to have locked your machine.
To use it, you need an unaffected PC onto which you download this security program and create a DVD or USB drive from which you can boot (restart) your infected computer.
Once you have this, the Defender program will scan your hard drive and try to remove any malware.
Other security software firms may offer similar programs.
So how can you protect yourself from ransomware or take other corrective action if you're snared?
You may want to check out our 10-point safety plan in an earlier issue, How to Beat the Ransomware Crooks.
Of the points we make there, the three most important steps are:
- Ensuring your security software is kept up to date.
- Avoiding visiting dangerous websites including file-sharing (torrent) sites.
- Regularly backing up both your system and your data (at least weekly) so you can reinstate a disk image created prior to the attack.
However, according to a recent CBS news report, one ransomware variant actually targets Windows' own backup program, so you may be safer using third-party software.
It's also perfectly possible for scammers to bury their ransomware inside your computer's operating system and leave it there, dormant until it's reactivated.
That could mean that a back-up could reintroduce the ransomware, even when reinstating.
Not only that but if you actually pay the ransom and even if you get your system back, there's no guarantee the crooks won't strike again.
Running a total security scan on your system could identify if the malware is still present, but you might want to consider reformatting your hard drive and reinstalling your operating system from scratch -- after ensuring all your data, like documents, email and spreadsheets, have been backed up.
If you don't know how to do this, seek help from someone who does, or from a local repair shop.
By the way, just to be clear, neither the FBI nor any other government agency locks up individuals' computers or demands fines in the way ransomware does, so if you get one of those warnings on your screen, regrettably you've been scammed.
Alert of the Week
Do you use the popular messaging app called WhatsApp? If so, don't fall for a supposed invitation to upgrade to "WhatsAppGold."
The app doesn't exist. It's just malware.
That's all for today -- we'll see you next week.