Security

Ransomware takes your computer hostage: Here is how to defend against it

June 17, 2014 at 6:12 PM ET

Criminals can now take computers hostage, threatening to wipe out all files if the victims don’t pay up.

No masked men are involved. Instead, the perpetrator is ransomware, viruses that infect computers and demand a ransom of hundreds of dollars to access the files again.

Video: Hackers have found a new way to lock your computer, controlling everything on it, until you pay a ransom. The F.B.I. is calling this one of the most sophisticated computer viruses ever. NBC’s Janet Shamlian reports.

The most famous example is Cryptolocker, a virus that was delivered a serious blow earlier this month when several security firms and the U.S. Department of Justice teamed up to arrest several people allegedly involved in the scam. The FBI identified Evgeniy Mikhailovitch Bogachev, a Russian national whose whereabouts remain a mystery, as the mastermind.

While that threat has been "largely mitigated," there are others ready to take its place, according to Adam Meyers, vice president of intelligence at CrowdStrike — one of the firms that helped nearly take Cryptolocker down.

Just last week, Meyers told NBC News, he purposely infected his computer with Cryptowall to see what would happen. The result: It demanded $500 if he ever wanted to see his files again, and gave him 200 hours to cough up the money in bitcoins. The "ransom" grew to $1,000 once the deadline got closer. (It even had a "help" section with instructions on how to pay).

With ransomware, when the clock hits zero, victims can see everything on their hard drive become inaccessible forever: family photos, important financial documents, music and more.

“In the last couple of months, we have seen a big upswing in these kinds of attacks,” Kerstyn Clover, a security consultant for SecureState, told NBC News.

Ransomware might be a nasty piece of software, but it can still be avoided like any other piece of malware. Here is how you can protect your files from digital criminals.

Don’t Open Strange Attachments

This is pretty much always good advice. Like many other forms of malware, ransomware is most often downloaded as an email attachment or through a link in an email. Cryptowall often is disguised as an urgent voicemail or fax that needs to be opened in an email, Meyers said.

"Never open an email attachment that comes from someone you don't know," he said. 

If you get a strange email or instant message from someone with an attachment or link, ask them about it rather than opening it first. 

“Unfortunately, once something happens, it’s too late,” Clover said.

Yes, ransomware can be removed from a computer – but the files it encrypts are pretty much gone forever. For the most part, they can never be decrypted. That is why the best defense is never downloading the virus in the first place.

Use Protection

Again, ransomware isn’t some kind of superbug. It’s malware that can be detected by anti-virus software, provided that software is up to date. Security patches for operating systems should also be updated frequently.

That is not a full-proof defense. Anti-virus software can’t stop people from rashly opening malicious files. But it’s better than nothing. Many browsers also have add-ons that prevent any scripts from running automatically, which can stop ransomware from even getting started.

Back Up Your Files

External hard drives are pretty cheap these days. Need 4 TB of storage? That can be found for less than $200. Regularly backing up files is good protection from ransomware, since the malware itself can be removed relatively easily — it's the documents that are ruined. 

Using a program that creates system images, which are exact copies of programs and files, is another good option.

One big caveat: If an external hard drive is connected to an infected computer, it runs the risk of being infected as well.

"Whatever drive you are using, make sure it's not connected to the system," Clover said. That includes both external hard drives connected via cables and drives connected to a wireless network, she added. 

 Get on the Cloud

As security researcher Brian Krebs wrote last year, “Cryptolocker might be the best advertisement yet for cloud data storage systems.”

The threat has only increased since then, really taking off in March, Clover said. Luckily, cloud storage services — which store files on their own servers and let users access those files from home — have also become more common. 

That includes Dropbox and Google Drive, which offer 2 GB and 15 GB of free storage space, respectively, with more available for a monthly fee. 

Overall, there are a lot of companies out there willing to provide relatively inexpensive space to store files without the need for bulky external hard drives. (And, of course, viruses can’t delete photos on Facebook or music playlists on Spotify).

Bite the Bullet

Once a computer is infected, it's game over. Of course, some businesses and organizations can't just let important files disappear. In 2013, the Swansea Police Department in Massachusetts was forced to pay $750 in order to save files after its system was infected by Cryptolocker. 

Nobody likes negotiating with hackers. But if you don't back up your important files, you might not have a choice. And even then, there have been cases of people paying the money but not getting the keys to unlock their files. 

"There is really nothing you can do," Clover said, "There is no honor among thieves."

TOP