Why has my computer been locked?
You’re working on your computer and an oddly worded message pops up with the words “Your computer has been locked”! After a short panic attack, you’re scared to read on and, more importantly, you don’t know what you should do next.
Hopefully you’ve just heard of Ransomware, and are reading this from the “What can I do to prevent Ransomware?” perspective. If you are not part of that group, I sympathize with you. Your computer has been locked because someone out there in the world would rather take than earn, not because the FBI has a personal interest in you (generally speaking; I don’t know you and am just assuming you are not wanted by the FBI). If the FBI (or any authority) did have an interest in you, this is not the way they would go about doing things. This is purely motivated by monetary gain, and the person on the other end most likely has no idea who you are. Please read on for more information about what to do if you have been struck by Ransomware and what you can do to prevent these types of attacks going forward.
How do I get my files back?
First you need to understand the two types of Ransomware to get an idea of the complexity that will go into file recovery.
The first type is referred to as a “Lockscreen” and typically places an image in the foreground that prevents you from clicking anywhere but on the image. This type of Ransomware can usually be defeated by someone that is a little tech savvy.
The second is more complex and is called “File-Encrypting” Ransomware. As the name suggests, file-encrypting Ransomware locks all the files on the computer with military-grade encryption, requiring a lengthy key to open them back up. Unlike the “Lockscreen” type, which can be disabled, File-Encrypting Ransomware is a beast all its own. Unless you have a reliable backup, there is virtually no tech-savvy shortcut around it. Provided you have a remote backup (cloud storage or an external drive that wasn’t connected to the machine at the time of infection), the easiest and most secure option is to wipe your hard drive clean and start from the ground up (reinstall your operating system and programs, then transfer your data back).
“But wait, I don’t think I have a remote or cloud backup?!”
If you just asked yourself that question, I would HIGHLY recommend getting something like this ASAP! We have a great guide to backing up your computer that will help you get a backup going, but make sure that once your backup completes you disconnect the external or USB drive you used. Most Crypto-ransomware will encrypt all files on all available connected drives on your computer (including network share drives)! Using a simple, automatic cloud backup service such as Carbonite or Backblaze will also ensure you keep your files safe.
Both of these flavors of Ransomware will demand money in return for your files and a functioning computer. Ransomware will typically also accuse the victim of a crime, in order to scare the victim into paying and to deter them from contacting the real authorities. If the real authorities are contacted, there is virtually nothing they can do to help you, and they will suggest that you not pay. In my humble opinion, sometimes paying is the only way, but not before exploring all options.
While there is no guarantee you will get what is promised to you once payment is received, most of the people behind the scenes have an “Honor Amongst Thieves” mentality, and are happy with the money and do not need to pursue ruining someone’s day any further. Also, surprisingly, there is usually a corporate structure (Ransomware as a Service) with its own rules and regulations behind it. If you are infected and find it difficult to determine whether it is a Lockscreen or a File-Encrypting piece of Ransomware, contact a professional to identify it and see what they think can be done.
How do I protect myself against Ransomware?
To understand what we can do to protect ourselves, we must first understand how an infection occurs. While there are several ways one can become infected, I am going to focus on the main methods.
The three main methods cyber criminals use are: Drive-by downloads; Malicious links and attachments; and Pay-Per-Install infections.
Drive-by downloads are usually hosted by a malicious site under the guise of a legitimate business (a movie streaming service, for example), or on a legitimate business’s website that was hijacked by a hacker or a collective thereof. Drive-bys run in the background, and you will not notice anything is happening unless you have an up-to-date Anti-Virus that prevents the download, or the infection makes its way onto your PC and starts causing issues.
Malicious links and attachments are usually delivered via Email. These Emails can be spoofed to appear to come from someone you know, and I have even seen them spoofed to look like a message you have sent yourself. Most likely they will be from an unknown sender, and this should set off a red flag. Again, a strong, up-to-date Anti-Virus can help protect against these, but the key is to be diligent and suspicious of all Emails, and to only follow trusted links and download known / expected attachments.
Lastly, let’s discuss Pay-Per-Install infections. This is where that corporate structure previously mentioned comes into play. There are “Black Hat” corporations, with a host of computers already infected with some piece of malware or another, which will accept payment to install Ransomware onto their pre-infected machines. This allows whoever is distributing the Ransomware to capture a large demographic with very little effort. The best way to prevent this is to keep your system clean at all times (run weekly scans and implement safe browsing practices into your routine).
Ultimately the only way to ensure you are never affected by a piece of Ransomware is to have an up-to-date remote backup in place. While having an Anti-Virus helps, there is a constant battle between the suppliers of the Anti-Virus software suites and the criminals developing malicious software, which makes it impossible to guarantee any one solution will stop all threats. With a solid backup plan in place, if an unrecoverable disaster were to strike, you always have that safety blanket of knowing your data is secured. With most Ransoms being upwards of $500 with no guarantee of your data being returned to you, and your data being so important that no dollar value can be assigned to it, a data backup plan starts to sound more and more affordable. And in today’s society, I do not know a single technician that would call it anything but absolutely necessary.
Final note: Despite the great response from antivirus and security vendors, the only 100% effective method of recovering from a ransomware attack is TO HAVE A CURRENT OFF-SITE (like in the cloud) backup in place that you can restore your system from. Carbonite provides this for only $59.99/year! So we highly recommend it.