What Ransomware is and How to Deal with It

A number of people I know have had their PCs infected with the form of malware that is being called “ransomware”. Here is what ransomware is and what you should do if you get infected by it.

Ransomware is a more vicious form of the widespread category of malware known as “scareware”. In this variant, crooks take over your PC (typically by locking the screen or encrypting your files) and threaten to destroy your files if you don’t pay up. The malware then starts erasing your files if you don’t send a hefty payment, the “ransom”, to an account they specify. Another variant claims that you have child pornography on your PC and threatens to report you to the police unless you pay. These extortion scams are why the name “ransomware” is used.

Scareware and ransomware are a particular problem because they use trickery and social engineering, rather than a hole in the software, to get around anti-virus programs: the victim is talked into installing the malware. They use false warnings to fool people into clicking links in pop-ups. These pop-ups are produced by rogue JavaScript on web pages the victim visits; well-known legitimate sites have carried these scripts after they were planted in the third-party advertising those sites display. The pop-up is made to look like a warning from your own anti-virus program, and clicking its link downloads and runs the malware, so the user has in effect given it permission to install. Once installed, these programs are a real problem to get rid of because one of the first things they do is disable your anti-virus defenses. An example of a phony warning is shown below.


Click on this and you really are infected.

Note that browser extensions like NoScript and AdBlock Plus can help prevent these pop-ups by blocking the scripts and ads that produce them. If you do get infected, one way to deal with the problem is to boot the PC from an external rescue disk (a CD or USB stick carrying security software) and scan the hard disk from there. Because the malware on the hard disk is never started, this gets around its disabling of the locally installed security software and its blocking of efforts to clean it.

Another way is to use the free Sysinternals tool called Autoruns. It lists everything configured to start automatically on the PC (the Run registry keys, services, scheduled tasks, the Winlogon and Explorer hooks, and so on), which is exactly where this sort of malware plants itself so that it comes back on every reboot. Mark Russinovich, co-founder of Sysinternals and now a Technical Fellow at Microsoft, has a post about ransomware that describes how to use Autoruns to find and eradicate an infection. (http://blogs.technet.com/b/markrussinovich/archive/2013/01/07/3543763.aspx)
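Autoruns covers far more locations than a script can, but the idea behind it can be shown in a few lines. The PowerShell below is an added example (not code from this post, from Sysinternals or from Mark Russinovich’s article): it walks the Run/RunOnce registry keys and the Winlogon Shell/Userinit values, and flags any autostart entry whose program is missing, is unsigned, or lives in a user-writable folder such as AppData or Temp, which is where a drive-by download typically drops its executable. The list of folders and the rules for what counts as “suspicious” are my own assumptions for the example; it is a triage list to look at, not a verdict.

```powershell
# Added example (hypothetical, not the page's or Sysinternals' code): a small
# stand-in for Autoruns' registry checks, for Windows PowerShell 5.1 or later.

# Registry keys that scareware/ransomware commonly abuses for persistence.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Winlogon values that lock-screen ransomware replaces so it starts instead of the desktop.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Assumption: folders a properly installed program rarely starts from, but a download does.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP,
                  "$env:USERPROFILE\Downloads", $env:PUBLIC)

function Get-ImagePath([string]$CommandLine) {
    # Pull the executable out of a command line: quoted path, else the first token.
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    $first = ($CommandLine -split '\s+')[0]
    return [Environment]::ExpandEnvironmentVariables($first)
}

function Test-Suspicious([string]$Path) {
    # Returns the reasons an image is worth a second look (empty means none found).
    $reasons = @()
    if (-not (Test-Path -LiteralPath $Path)) { return @('image file missing') }
    foreach ($dir in $userWritable) {
        if ($dir -and $Path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
            $reasons += "runs from user-writable folder $dir"
        }
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') { $reasons += "signature $($sig.Status)" }
    return $reasons
}

$findings = @()
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, PSProvider...
        $image = Get-ImagePath $p.Value
        $why = Test-Suspicious $image
        if ($why) {
            $findings += [pscustomobject]@{
                Location = $key; Name = $p.Name; Image = $image; Reasons = ($why -join '; ')
            }
        }
    }
}

# Shell should be explorer.exe and Userinit should be userinit.exe; anything else is a red flag.
$wl = Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue
if ($wl) {
    if ($wl.Shell -and $wl.Shell -notmatch '^explorer\.exe$') {
        $findings += [pscustomobject]@{ Location = $winlogon; Name = 'Shell'
                                        Image = $wl.Shell; Reasons = 'Shell is not explorer.exe' }
    }
    if ($wl.Userinit -and $wl.Userinit -notmatch '^(C:\\Windows\\system32\\)?userinit\.exe,?$') {
        $findings += [pscustomobject]@{ Location = $winlogon; Name = 'Userinit'
                                        Image = $wl.Userinit; Reasons = 'Userinit is not userinit.exe' }
    }
}

$findings | Format-Table -AutoSize
```

Run it from an elevated prompt, and if the desktop is locked by the malware, from Safe Mode with Command Prompt, so the malware is not running while you look. Expect a few legitimate but unsigned entries to show up; what you are looking for is an oddly named program in AppData or Temp, or a Winlogon value that has been changed. Once identified, the entry can be deleted and the file removed, which is the same thing Autoruns lets you do with a right-click, across many more autostart locations than this script checks.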

Some of my colleagues prefer to deal with this sort of infection by reformatting the disk and then restoring the backup image that you should be making at least weekly. Sadly, the great majority of average PC users that I encounter don’t back up regularly, so they have to go through one of the tedious procedures described above. In the meantime the ransomware may keep wiping out, or encrypting, files while you work out how to remove it, so the first thing to do is disconnect the PC from the network and unplug any external drives: a backup drive that is left permanently connected is just another set of files for the malware to destroy. One more reason why regular backups, kept offline, are so important.


About SCB Enterprises
System Solutions and Integration