Tabard IT Ltd
2-18 Turnhouse Rd
Tel: 0131 339 9448
Imagine you’re chilling out and planning your next holiday. You are moments away from booking your next trip, safe in the knowledge that your computer is secure enough to use your credit or debit card. You assume your PC is free from scareware, ransomware and similar nasties. Then you browse another site whilst pondering your decision.
Suddenly, a rather convincing dialog box appears in the browser window. You doubt your own security procedures and click on it. Then all hell breaks loose. It roots through your hard drives, external drives, even your network drives. When it is done, you find your files and applications have been encrypted. A notice appears stating that your files and apps will be lost forever after a given period of time, and it asks for your card details. This is ransomware; the false security alert in your browser that directed you to the advertised program in the first place is scareware.
Scareware plays on our computing anxieties; ransomware is the binary equivalent of “£500, or your dog gets it”. Peddlers of both play on our fears of lost files or of phishing attacks on our bank accounts, and ape the graphics of well-known programs or operating systems. The user may take some assurance from the presence of a Windows logo or other convincing imagery. The names of scareware programs may be similar to those of legitimate programs in the marketplace.
Among the most notorious examples of ransomware is Cryptolocker. In this YouTube clip seen below, we see how it implores users to pay €300 to purchase a decryption key.
Cryptolocker is a threat to both Windows PCs and (via virtualisation programs like Parallels and Bootcamp) Mac OS X machines. It is passed on to PCs via infected websites and email attachments as a .exe file. Running the .exe file brings up a red dialog box, imploring you to pay a certain amount to decrypt your files. Payment is made via Bitcoin or the MoneyPak money transfer system.
If your PC has been infected, it is possible to eliminate all traces of Cryptolocker and similar programs. This can be done through Windows’ registry settings or Malwarebytes, a free-to-download program. This video by David A. Cox shows you how.
After you have followed the tips, reboot the machine, then download a copy of Shadow Explorer to retrieve your lost files. Alternatively, you may prefer to go into System Restore mode on your copy of Windows. By returning it to the point before Cryptolocker infected your files, everything should be ‘as you were’. After that, you do deserve a break.
Scareware most closely resembles ransomware at the point of its supposed ‘detection’ of viruses, malware and other nasties. On ‘detection’, it announces that the program is only a trial version or a demo with limited features, so the user is pushed to click a box advertising the full version. Guess what happens? The dialog box implores you to pay a certain amount, using a money transfer system – ransomware without the ransom.
In return, both your PC and your bank balance are ruined (cue one corrupted hard drive and an empty wallet), and your compromised PC is saddled with a wholly inadequate fake internet security package: one that is better at phishing and adding viruses than at preventing them.
Neither scareware nor ransomware is going to go away from our PCs. In fact, the most recent strains are more sophisticated, many not even needing a click. The first quarter of this year alone has seen heightened activity from rivals to Cryptolocker, including SamSam, Petya, TeslaCrypt and Locky. After targeting small businesses and individuals, peddlers of such software have turned their guns on multinational companies and government departments.
If you follow all five of our tips, you’re on the road to beating the ransomware and scareware peddlers. Your hard drive and files are too precious to leave to chance.
Tabard IT, 30 March 2016.