Your Files are Encrypted and the Criminals are Demanding a Ransom
Criminals send very convincing emails that includes your personal information such as your name, home address, phone number, and job title. The emails appear legitimate, and are well-written.
The attackers use a variety of pretexts to encourage you to open the attachment or click the link. Typically, these include getting a bill from a company, a fine for some “illegal activity” from your computer, a note from a bank or credit card, a letter from the IRS, and a variety of other potentially threatening ruses.
Other attacks may come from your browser – some ransomware is automatically downloaded when you visit a malicious website or a site that has been compromised. This will pop up an error message in your browser telling you to call Microsoft technicians or indicate that your files are encrypted.
Clicking the attached file or malicious link runs software that encrypts your data files and prevents you from being able to use them until you pay a ransom to the criminals. The longer you wait to pay the ransom, the higher it becomes. The amount of the ransom varies, but it ranges from several hundred dollars to thousands of dollars.
Very often, anti-virus software is unable to detect that the attachment is malicious because the criminals are developing tens of thousands of new attacks every day. The anti-virus software cannot keep up with so many new attacks.
What to Do
• Do not open the attachment. Do not click any links in the message, and delete the email.
• If you are still convinced that the message is real, then contact the sender by phone (do not use any phone number that may be provided in the email – it could be faked also) and ask about the email.
• The inclusion of your personal information in the email is done to gain credibility and to cause you to lower your defenses.
• Many times the “sender” is an organization that you’ve never done business with. This is a very good indication that the message is a scam.
• Messages from legal authorities that say they’ve detected illegal activities is a good indication of a scam. These warnings are fake and have no association with legitimate authorities. The message uses images and logos of legal institutions to make the message look authentic.
How to Protect Yourself
• Don’t click links or open attachments or emails from people you don’t know or companies you don’t do business with.
• Be sure to use an up-to-date and reputable antivirus solution.
• Make backups on a regular basis. Rotate the backup media between different backup devices so that there is more than one physical copy of your backups. Keep them in a different location from your computer.
• Keep your operating system and software applications patched and up-to-date.
If You’ve Opened the Attachment or Clicked the Link
• If you’ve opened the attachment or clicked the link, then there is a good chance that your files are going to be encrypted and rendered useless. In some instances, reputable anti-virus vendors have tools to recover your files.
• Use a reputable anti-virus solution to see if it can recover your files and remove any infection.
• If there is no freely available decryption solution, then you may have to pay the ransom to get your files back. There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again.
• Consider bringing your PC into a reputable repair shop to help you with the problem.
• Another alternative is to simply wipe the computer and reinstall the operating system and all of the software. You will lose any data on the disk drive. If you have current backups, then you can restore the data from those backups.
If You Paid the Ransom
• Contact your bank and your local authorities, such as the police. It’s unlikely the police will be able to do anything, but having a report might be helpful. Since this attack is extortion, the FBI may be interested.
• If you paid with a credit card, your bank may be able to block the transaction and return your money.