Online security seems such an abstract and distant field, where other people get hurt, but somehow you stay safe, either by luck or internet savvy.
However, the truth is, it could happen to anyone and it might even have happened to you in the past.
They say that nothing beats learning from experience, but sometimes it’s best to learn from other people’s experience rather than your own and this is one of those opportunities.
See where a man just got an indefinite jail time for refusing to decrypt two hard drives.
Now, let’s have a look at this video:
Here is the first in a series of stories about real people whose systems were compromised by cyber criminals and what they learned about the best ransomware protection.
#1. The mom whose laptop was locked down by a ransomware attack
Two days before Thanksgiving, Alina’s mother got hit by a ransomware attack. 5,726 files got locked by CryptoWall, an encryption malware so powerful it is technologically impossible to break open.
Alina’s mom contacted the attacker through the ransomware’s communication feature and was told she could either pay to get her files back or lose them forever. Despite having backed up her files 6 months earlier, she decided that losing half a year’s worth of photos, documents and other files was too much, and so decided to pay the ransom.
The price to unlock her files was $500 in the first week and $1,000 if it went into the second week, after which the files would be deleted. Payment had to be made in Bitcoin, an obscure and unfamiliar process which she had to learn on the fly.
Because of a major snowstorm that closed down the banks, Alina’s mom couldn’t pay the ransom in the first week and ended up having to plead with her attacker not to increase the price to $1,000. Surprisingly, he accepted and gave her the key to unlock her files.
My mother received the ransom note on the Tuesday before Thanksgiving. It popped up on her computer screen soon after she’d discovered that all of her files had been locked.
“Your files are encrypted,” it announced. “To get the key to decrypt files you have to pay 500 USD.” If my mother failed to pay within a week, the price would go up to $1,000. After that, her decryption key would be destroyed and any chance of accessing the 5,726 files on her PC — all of her data — would be lost forever. Sincerely, CryptoWall.
CryptoWall 2.0 is the latest immunoresistant strain of a larger body of viruses known as ransomware. The virus is thought to infiltrate your computer when you click on a legitimate-looking attachment or through existing malware lurking on your hard drive and, once unleashed, it instantly encrypts all your files, barring access to a single photo or tax receipt.
Everyone has the same questions when they first hear about CryptoWall:
Is there any other way to get rid of it besides paying the ransom? The answer is No — apparently it is technologically impossible for anyone to decrypt your files once CryptoWall 2.0 has locked them. (My mother had several I.T. professionals try.)
Should We Pay A Ransom To Criminals?
But should you really be handing money over to a bunch of criminals? According to the Internet Crime Complaint Centre, a partnership between the F.B.I. and the National White Collar Crime Centre, this answer is also no.
“Ransomware messages are an attempt to extort money,” one public service announcement helpfully explains. “If you have received a ransomware message do not follow payment instructions and file a complaint.”
Right. But that won’t get you your files back. Which is why the Sheriff’s Office of Dickson County, Tenn., recently paid a CryptoWall ransom to unlock 72,000 autopsy reports, witness statements, crime scene photographs and other documents.
Can These Attacks Be Stopped Legally?
Finally, can law enforcement at least do something to stop these attacks in the future? By law, probably not. Many ransomware viruses originate in Russia and other former Soviet bloc countries. The main difficulty in stopping cyber criminals isn’t finding them, but getting foreign governments to cooperate and extradite them.
By the time my mom called to ask for my help, it was already Day 6 and the clock was ticking. (Literally — the virus comes with a countdown clock, ratcheting up the pressure to pay.) My father had already spent all week trying to convince her that losing six months of files wasn’t the end of the world (she had last backed up her computer in May). It was pointless to argue with her. She had thought through all of her options; she wanted to pay.
Only, paying turned out to be not so easy; the CryptoWall hackers take only Bitcoins.
Making The Ransom Payment
Picture the kind of early-adopting, hoodie-wearing member of the technocracy totally comfy with the idea of a cyber currency neither backed nor issued by any central bank or government. Now picture the opposite of that. That is my mom.
Having never so much as purchased an app in her life, my mom had no idea how to buy Bitcoins. Luckily, her ransomers had anticipated this problem and included a link to a step-by-step guide, complete with pictures.
The fastest way to send the extra $25 was to make a direct deposit at an A.T.M. that handled Bitcoin transactions. That’s where I came in. Coin Cafe, the Bitcoin provider my mother had chosen, had an A.T.M. in Greenpoint, Brooklyn, not too far from where I lived.
The Bitcoin A.T.M. was not easy to find. It was housed in the second floor hallway of a cooperative work space, tucked inside an old Nynex phone booth. On one hand, I appreciated the winking irony of this sight gag. On the other hand, Fidelity Investments this was not.
Inside was a little white box with no buttons, just a screen, a camera eye and a money slot. I scanned in the QR code my mom had sent me. The machine whirred to life. “Balance query in progress,” it announced. This query remained in progress for the next 20 minutes during which I left three messages on Coin Cafe’s voice mail before abandoning the booth to get some coffee and walk around in the rain.
The fourth time I called, a human being answered the phone and told me the problem had been fixed. I hurried back to the A.T.M., scanned in my QR code, sent some Voldemorts $25 in crisp bills and called my mom. The whole experience had not done much to allay my misgivings about Bitcoin; what did allay them was Mike Hoats, the nice bearded man Coin Cafe sent over to fix the A.T.M.
We got to talking after I made my payment, and he told me that, while no one at Coin Cafe believed people should fund criminal activity by paying the ransom, their job was to broker the purchase and sale of Bitcoins, which, like cash, could be used for any purpose. CryptoWall had thrust them into the unwitting role of ransomware advisers, coping with grandmothers crying on the phone at the thought of losing all their photos or small-business owners whose family income was on the line.
Coin Cafe didn’t like profiting from the victims (according to the company, these transactions are in the low single digits as a percentage of its total business), but they were downright mortified to learn that CryptoWall had anointed them as one of their Bitcoin providers of choice, with praise for their “fast, simple service.” That’s how my mom found out about Coin Cafe — from her ransom note.
This referral is only one of the handy services CryptoWall provides to ensure a more seamless customer experience. Others include the ability to “decrypt one file for free” and a message interface one can use “in case of any problems with payment or having any other questions.” What next, I wondered. Twenty percent off when you refer this malware to a friend? Frequent virus cards? Black Friday ransom specials?
They Don't Have To Pretend They're Not Criminals!
“I think they like the idea they don’t have to pretend they’re not criminals,” Chester Wisniewski, a senior security adviser at the computer security firm Sophos, told me when I reached him in Vancouver by phone. “By using the fact that they’re criminals to scare you, it’s just a lot easier on them.” They don’t have to hire a professional translator to get their English perfect, Mr. Wisniewski explained, or engage in any of the baroque subterfuge required of someone pretending to be a Nigerian gentleman farmer who just needs a little help claiming his inheritance.
In addition to being criminals, these peddlers of ransomware are clearly business people, skillfully appropriating all the tools of e-commerce. From branding (CryptoWall is a variant of a fearsome earlier virus called CryptoLocker, which was shut down last year) to determining what they can extort (ransomware hackers have tested the market with prices as low as $100 and as high as $800,000, which the city of Detroit refused to pay in order to have its database decrypted), these operators are, as Mr. Wisniewski put it, part of “a very mature, well-oiled capitalist machine.”
It’s also an incredibly lucrative machine: Some experts estimate that CryptoLocker hackers cleared around $30 million in 100 days in 2013. And more than a million PCs worldwide have been hit with the CryptoWall virus.
Even after reading through numerous descriptions of CryptoWall 2.0 as “the largest and most destructive ransomware threat on the Internet” and “an enormous danger for computer users,” I still couldn’t help thinking this was mainly a problem for moms who persist in using big, boxy PC computers and small-town police departments. Mr. Wisniewski quickly dismissed that notion. Although CryptoWall has primarily affected Windows computers and Android cellphones so far, there is no technological barrier that prevents the virus from infiltrating Macs like mine. And when it does, Mr. Wisniewski chuckled, I should expect the ransom to be a lot higher.
So What Can We All Do To Protect Ourselves?
Keep our computers backed up on an independent drive or by using a cloud backup service like Carbonite, take those software update and “patch” alerts seriously and, most of all, Beware the Attachment. (Remember: Brand-name businesses like J. Crew or Bank of America will rarely send you an attachment.)
Of course, this advice arrives too late for my mom and, it appeared, her payment had arrived too late as well: By the time I got home from Greenpoint, her CryptoWall ransom had been raised to $1,000.00 and the $500 in Bitcoins she had deposited had vanished. In a panic, she wrote to Mike Hoats asking for advice. What he told her sounded crazy to me: use the CryptoWall message interface to tell the criminals exactly what happened. Be honest, in other words.
So she did. She explained that the virus had struck the same week that a major snowstorm hit Massachusetts and the Thanksgiving holiday shut down the banks. She told them about the unexpected Bitcoin shortfall and about dispatching her daughter to the Coin Cafe A.T.M. at the 11th hour. She swore she had really, really tried not to miss their deadline. Then a weird thing happened - her decryption key arrived.
When I shared the news with Mr. Hoats, he was jubilant. “That is great news, truly!” he wrote. “Whoever these yahoos are, they have some little shred of humanity.”
But Mr. Wisniewski had a more pragmatic take. “From what we can tell, they almost always honour what they say because they want word to get around that they’re trustworthy criminals who’ll give you your files back.”
Welcome to the new ransomware economy, where hackers have a reputation to consider.
Is There Anything That Can Be Done If I Am Attacked?
What do you do if your computer gets infected with ransomware: do you pay up or try to find an alternative solution?
If you’re not ready to give up the fight, we have something that might help.
In the past few weeks, I’ve combed the web for decryption tools and I can tell you that it’s a never-ending process. It’s close to impossible to build up a complete database, because things change on a daily basis.
As new types of ransomware emerge, researchers decrypt some strains and others get new variants. There are tens or hundreds of them. Just like in a cat and mouse game, the chase never stops.
If this graphic were filled out with the 2016 discoveries covering Q2 and Q3, you’d need a bigger screen to see it.
Believe it or not, there is a silver lining to ransomware’s popularity: the quality of the malicious code is steadily decreasing. As a result, cyber security specialists can crack the code faster and give victims a chance to retrieve their data without further funding attackers.
Unfortunately, low-quality ransomware also endangers the affected data: one error in the code and it can all be erased instead of encrypted - but that’s a story for another time.
Let’s get to the point, because, if you’re reading this, it’s likely that you don’t have too much time on your hands. If you couldn’t avoid a ransomware infection, let’s see if you can help fix it.
As a disclaimer, you should know that the list below is just a starting point. Use it, but do a bit more research as well. Safely decrypting your data can be a nerve-racking process, so try to be as thorough as possible.
We’ll do our best to keep this list up to date, but it’ll probably never be definitive. Contributions and suggestions are more than welcome, as we promise to promptly follow up on them and include them in the list.
Some of the decryption tools mentioned below are easy to use, while others require a bit more tech knowledge to break. You can try asking for help on one of these malware removal forums, which feature tons of information and helpful communities.
Without further ado, here it is – the list that will hopefully help you get your data back from the prying hands of cyber criminals.
Ransomware Decryption Tools – an ongoing list
7even-HONE$T decrypting tool
Agent.iih decrypting tool (decrypted by the Rakhni Decryptor)
Al-Namrood decrypting tool
Alpha decrypting tool
Bart decrypting tool
Chimera decrypting tool + alternative 1 + alternative 2
Crypren decrypting tool
DeCrypt Protect decrypting tool
Mircop decrypting tool + alternative
As you may have noticed, some of these decryption tools work for multiple ransomware families, while certain strains have more than one solution (although this is rarely the case).
From a practical perspective, some of the decryptors are easy to use, but some require technical know-how. As much as we’d like this process to be simpler and easier, that isn’t always the case.
No matter how much work and time researchers put into reverse engineering cryptoware, the truth is that we’ll never have a solution to all of these infections. It would take an army of cyber security specialists working around the clock to get something like this done.
But being pragmatic doesn’t mean adopting a pessimistic outlook. In fact, if you apply the simple steps we outlined in the anti-ransomware security plan, you can avoid this kind of attack and its consequences.
Even if cyber criminals do manage to infect your PC, you can just wipe the system clean and restore your latest backup. No money lost and, most importantly, no important information compromised! So, please, please back up your data. Not tomorrow, not this weekend, not next week. Do it today!
I hope that it will solve some of your ransomware-related problems. Moreover, please think about sharing the simple principles outlined in the anti-ransomware security plan with your friends and family. It could spare them the negative experience of being a cyber attack victim.