Your files have been encrypted–send $100 for the key
“ATTENTION!!!!!! YOUR PERSONAL FILES WERE ENCRYPTED WITH A STRONG ALGORYTHM RSA-1024 AND YOU CAN’T GET AN ACCESS TO THEM WITHOUT MAKING OF WHAT WE NEED!”
An item in the news has spurred me to interrupt the series on ‘when it’s time for a new computer’, which I’ll resume tomorrow. An article in Newsweek calls this a “new” phenomenon, but I assure you it is not — it even has a name: ransomware.
As my loyal readers know, I am constantly advising security, security, security! I have a “thing” … I detest digital Evil Doers.
Ransomware is a type of worm and/or Trojan horse that runs a RC4 encryption algorithm on your hard drive. This ‘scrambles’ your files and makes them unreadable … unless you have the ‘key’. The malware leaves several (readable) read_me.txt files which tell you what has happened, and where to send money to buy the key. Your data held hostage. Without the key, all you have is gibberish. Without paying the ransom, you have no key. Or, that’s the idea anyway.
What this means to you is that it is more important than ever to have an off-machine backup and up-to-date malware protections in place. You do have a recovery backup … don’t you??? Please click this link to read my article on creating backups. It is important to understand that what this piece of code does (and this is true of most malware), it does, or tries to do, to every drive it can find. That means every storage device attached to your computer, such as the hypothetical drive “E:\” in the ‘how to auto-backup’ article, will get scrambled. If you store your backup (and/or backup image) on a partition, or USB attached hard drive, it is effectively gone as a result.
Tip of the day: I will reiterate, because it’s so gosh-durned important, that you should store a recovery backup in two locations; usually this means two different storage media types. In this case I’m referring to CD’s or DVD’s.
I use a 3rd party “disk imaging” application (I happen to have got a deal on Norton Ghost [free after rebate], but my reco is Acronis True Image) which automatically breaks the system backup into disk-sized pieces. But you do not need such a program; you can use your zip program (see today’s free link) to do the same thing to a Windows Backup.bkp file. It will take several disks, so be sure to stock up.
If you have Windows Vista/Win 7 Home Premium or Ultimate Edition, you have a powerful system backup utility (built in) that will copy a recovery backup to disk, or other storage, that works through an easy to follow wizard. And you also have a delightful command line imaging tool called Ximage that I suggest you look into.
The main point I want to get across is that if you should, one day, discover that some Evil Doer has scrambled your files and wants money to descramble them, DO NOT SEND THEM MONEY. RC4 can be broken. You usually can find the password (the ‘key’) posted on the Internet, and use it to get your files back. You also should take a seriously critical look at your Internet protection apps … either you didn’t have them, or they let you down. Fix that.
If this happened to me, I wouldn’t bother with trying to decrypt my files. I wouldn’t trust that the Trojan wasn’t still lurking, (possibly as a rootkit) ready to pull the same stunt again and demand another ransom. I would format my hard drive and boot my first recovery CD and restore my system from the backup. This backup would not contain the trojan, because I make system recovery DVDs once a month, nor my most recent files … those I would recover from a network drive, or live without.
So. You do have a system backup, right?
Today’s free download: there are many zip utilities out there, and Windows comes with a “compressed folder” zip tool (right-click > Send to > Compressed folder), and selecting one is a matter of taste. They all do basically the same thing: take a big file (or folder) and run a compression algorithm to make them smaller (“zipped”). Some are free and some are for sale – typically under $20. The free zip tool I use is 7-Zip. It has all the features you need, and actually does compress.
* Orig post: 8/14/07
Bonus (for reading this far): Get A Great Paid Android App For FREE Every Day by Ramblinrick
“After getting my tablet PC, the Toshiba Thrive, I was excited and motivated to learn more about the Android Operating System and the apps that are available. If you know me and follow my blog, you know that the blog predominantly features FREE software. When I started using my tablet PC I soon discovered that..” Read more..
Today’s quote: “Families are like fudge – mostly sweet with a few nuts.” ~ Unknown
Copyright 2007-2011 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.