Wednesday, November 4, 2015

I was talking with a coworker last night about ransomware and computer viruses. He had listened to a podcast about how an older woman had gotten ransomware on her computer. She was ready to just clear the computer out and start fresh, when she remembered that her husband had important documents and files on the computer that were worth well more than the $500 price tag that the ransomware demanded to get the files back.

For those of you who don't know, ransomware is a program/virus that encrypts the files on your computer so that you can't access them. It is more than likely found within an email link that you or someone else clicked on.

Basically what the ransomware will say if you get it on your computer is: "We encrypted all of your precious files, pictures, videos, etc. If you want them back, you have to pay us $500 to get them."
Of course, it's not just $500 in a transfer from your bank or Western Union; it's Bitcoin that they want.

What is Bitcoin? From the questions I've asked of people in their 30s and 40s, about 10% of them have actually even heard of Bitcoin. Then, ask people in their 50s and later and it goes down even more. The reason for this is that Bitcoin is a virtual currency or digital currency. It has only been around since 2009, and only in the past 2 years has it been heard of more in the mainstream.

Back to the ransomware you may have gotten. There are a few steps you want to take right away if you even think you may have gotten this terrible virus.
First, turn off your computer. Don't just hibernate it or put it to sleep, though, especially if it's a laptop. Take out the battery, pull the power cord, undo everything. The reason you want to do this is that the ransomware needs computing power to encrypt your files. No power = no more encryption and loss of your files.
Second, if you had a flash drive or backup hard drive attached to the computer, consider them compromised as well. You don't know how far the encryption may have spread. If this happened on your work computer, tell your IT staff right away; it could spread throughout the network and infect other computers and/or backup drives. Don't plug any of the possibly compromised devices into any other computers until you know they have been checked; the ransomware could spread after being plugged in.
Third, call your local IT company to find out if they can help you to recover your files. FM IT Direct can do this for you of course!
One thing to note: if you decide not to pay the ransom (a decision that depends on what you have on your computer, how important it is, whether you have backups, etc.), the files that have been encrypted ARE NOT recoverable.

How is FM IT Direct supposed to recover my files then? The files on your computer and devices that are not encrypted yet (because you shut off your computer right away) can still be recovered.

From the story at the beginning of this lengthy article, the woman ended up paying the ransom and getting her files back, through quite a lengthy process.

One final thing to note. Even if you get the money together to pay and get your files back, the ransomers could just not send you the key and you'd be out both your money and your files. Or, if the server that is holding your key, wherever it is in the world, were to be seized by the authorities and shut down, you would also lose your files, whether or not you paid or were going to pay.

One of the best things you can do is to get a backup solution such as Carbonite (which FM IT Direct is an authorized reseller of) and have "versioning" in place. Having several versions of your backup files makes it so that if your computer gets ransomware on it and is completely compromised, your latest backup, or a version of it, will still be safe and intact.

If you have any questions about this or any other service that FM IT Direct provides, please click here to be routed to the contacts page, or call 701-491-8750.