Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Your files have been encrypted–send $100 for the key

“ATTENTION!!!!!! YOUR PERSONAL FILES WERE ENCRYPTED WITH A STRONG ALGORYTHM RSA-1024 AND YOU CAN’T GET AN ACCESS TO THEM WITHOUT MAKING OF WHAT WE NEED!”

An item in the news has spurred me to interrupt the series on ‘when it’s time for a new computer’, which I’ll resume tomorrow. An article in Newsweek calls this a “new” phenomenon, but I assure you it is not — it even has a name: ransomware.

As my loyal readers know, I am constantly advising security, security, security! I have a “thing” … I detest digital Evil Doers.

Ransomware is a type of worm and/or Trojan horse that runs a RC4 encryption algorithm on your hard drive. This ‘scrambles’ your files and makes them unreadable … unless you have the ‘key’. The malware leaves several (readable) read_me.txt files which tell you what has happened, and where to send money to buy the key. Your data held hostage. Without the key, all you have is gibberish. Without paying the ransom, you have no key. Or, that’s the idea anyway.

What this means to you is that it is more important than ever to have an off-machine backup and up-to-date malware protections in place. You do have a recovery backup … don’t you??? Please click this link to read my article on creating backups. It is important to understand that what this piece of code does (and this is true of most malware), it does, or tries to do, to every drive it can find. That means every storage device attached to your computer, such as the hypothetical drive “E:\” in the ‘how to auto-backup’ article, will get scrambled. If you store your backup (and/or backup image) on a partition, or USB attached hard drive, it is effectively gone as a result.

Tip of the day: I will reiterate, because it’s so gosh-durned important, that you should store a recovery backup in two locations; usually this means two different storage media types. In this case I’m referring to CD’s or DVD’s.
I use a 3rd party “disk imaging” application (I happen to have got a deal on Norton Ghost [free after rebate], but my reco is Acronis True Image) which automatically breaks the system backup into disk-sized pieces. But you do not need such a program; you can use your zip program (see today’s free link) to do the same thing to a Windows Backup.bkp file. It will take several disks, so be sure to stock up.

If you have Windows Vista/Win 7 Home Premium or Ultimate Edition, you have a powerful system backup utility (built in) that will copy a recovery backup to disk, or other storage, that works through an easy to follow wizard. And you also have a delightful command line imaging tool called Ximage that I suggest you look into.

The main point I want to get across is that if you should, one day, discover that some Evil Doer has scrambled your files and wants money to descramble them, DO NOT SEND THEM MONEY. RC4 can be broken. You usually can find the password (the ‘key’) posted on the Internet, and use it to get your files back. You also should take a seriously critical look at your Internet protection apps … either you didn’t have them, or they let you down. Fix that.

If this happened to me, I wouldn’t bother with trying to decrypt my files. I wouldn’t trust that the Trojan wasn’t still lurking, (possibly as a rootkit) ready to pull the same stunt again and demand another ransom. I would format my hard drive and boot my first recovery CD and restore my system from the backup. This backup would not contain the trojan, because I make system recovery DVDs once a month, nor my most recent files … those I would recover from a network drive, or live without.

So. You do have a system backup, right?

Today’s free download: there are many zip utilities out there, and Windows comes with a “compressed folder” zip tool (right-click > Send to > Compressed folder), and selecting one is a matter of taste. They all do basically the same thing: take a big file (or folder) and run a compression algorithm to make them smaller (“zipped”). Some are free and some are for sale – typically under $20. The free zip tool I use is 7-Zip. It has all the features you need, and actually does compress.

* Orig post: 8/14/07

Bonus (for reading this far): Get A Great Paid Android App For FREE Every Day by Ramblinrick

After getting my tablet PC, the Toshiba Thrive, I was excited and motivated to learn more about the Android Operating System and the apps that are available. If you know me and follow my blog, you know that the blog predominantly features FREE software. When I started using my tablet PC I soon discovered that..Read more..

Today’s quote:Families are like fudge – mostly sweet with a few nuts.” ~ Unknown

Copyright 2007-2011 © “Tech Paul” (Paul Eckstrom). All Rights Reserved.


>> Folks, don’t miss an article! To get Tech – for Everyone articles delivered to your e-mail Inbox, click here, or to subscribe in your RSS reader, click here. <<


October 12, 2011 - Posted by | advice, Android, computers, cyber crime, free software, hackers, Internet | , , , , , ,

4 Comments »

  1. Re: Bonus (for reading this far): You should, also try…GetJar – Appsolutely Everything for Nokia, BlackBerry, Android, Samsung, Sony Ericsson, LG, Palm. No time limit..free all the time.

    And I love makeusof.com and all their “how to do/how it works” Manuals-pdfs. Here’s one for your Android. Excellent Guide To Ins And Outs Of Android OS (Download) | MakeUseOf You have to sign up for newsletters to get the password..which are really worth it or “Like” them on Facebook…..grumble…..

    They have over 50 manuals..really worth checking out

    Download MakeUseOf Guides

    Re: Ransomware: I have a 2Gig harddrive unplugged with my backup.

    Comment by delenn13 | October 14, 2011 | Reply

    • “Re: Ransomware: I have a 2Gig harddrive unplugged with my backup.”

      What can I say? Another Silver Star.

      And another for sharing those links…

      That ought to chase away any bad mood… ;-)

      Comment by techpaul | October 14, 2011 | Reply

  2. Bribery??? I would think.

    Some of those manuals are a a steal for free. So much info.

    Comment by delenn13 | October 14, 2011 | Reply

    • well… those are only #’s 4 & 5 (or.. maybe TPSS #5 and #6) in four plus years of daily posting — so they have extra bribery juice.

      Comment by techpaul | October 14, 2011 | Reply


Post your Comment/Question

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 232 other followers

%d bloggers like this: