Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Repost: ransomware

Dear Reader: today, unexpected personal obligations make it unlikely that I will be able to post my article in a timely fashion, if at all. So in the interim I am reposting an article about a fiendish method of digital extortion. Please check back later, as I may get the new one up. This post appeared 8/14/07.

“Your files have been encrypted–send me $500 for the key.”
An item in the news has spurred me to interrupt the series on ‘when it’s time for a new computer’, which I’ll resume tomorrow. An article in Newsweek calls this a “new” phenomenon, but I assure you it is not — it even has a name: ransomware.

As my loyal readers know, I am constantly advising security, security, security! I have a “thing” … I detest digital Evil Doers.
Ransomware is a type of worm and/or trojan horse that runs the RC4 encryption algorithm over the files on your hard drive. This ‘scrambles’ your files and makes them unreadable … unless you have the ‘key’. The malware leaves several (readable) read_me.txt files which tell you what has happened, and where to send money to buy the key. Your data is held hostage. Without the key, all you have is gibberish. Without paying the ransom, you have no key. Or, that’s the idea anyway.
I haven’t talked about ransomware before because it has not been a very common, or very rewarding, attack.

What this means to you is that it is more important than ever to have an off-machine backup and up-to-date malware protections in place. You do have a recovery backup … don’t you??? Please click this link to read my article on creating backups. It is important to understand that whatever this piece of code does (and this is true of most malware), it does, or tries to do, to every drive it can find. That means every storage device attached to your computer, such as the hypothetical drive “E:\” in the ‘how to auto-backup’ article, will get scrambled. If you store your backup (and/or backup image) on a partition or a USB-attached hard drive, it is effectively gone as a result.

Tip of the day: I will reiterate, because it’s so gosh-durned important, that you should store a recovery backup in two locations; usually this means two different storage media types. In this case I’m referring to CDs or DVDs, and a second drive.
I use a 3rd-party “disk imaging” application (I happen to have got a deal on Norton Ghost [free after rebate], but my reco is Acronis True Image) which automatically breaks the system backup into disk-sized pieces. But you do not need such a program; you can use your zip program (see today’s free link) to do the same thing to a Windows Backup.bkp file. It will take several disks, so be sure to stock up.
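Here is what “breaking the backup into disk-sized pieces” amounts to, and the check a restore should do before trusting the pieces. This is an added example, not code from the post nor from 7-Zip, Norton Ghost or Acronis: it splits a file into fixed-size volumes, writes a manifest of SHA-256 hashes, and verifies the volumes before reassembling. The file name, the volume size and the sample “backup” content are constructed for the demonstration.

```python
"""Added example (not from the original post): split a backup file into
fixed-size volumes that fit on removable media, record a SHA-256 for each
volume and for the whole file, and verify those hashes before a restore.
The sample backup is constructed data; file names are assumptions."""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in 1 MiB chunks so large backups need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def split_backup(src, out_dir, volume_size):
    """Write src as out_dir/<name>.001, .002, ... plus a manifest.json."""
    src, out_dir = Path(src), Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    volumes = []
    with open(src, "rb") as f:
        n = 1
        while True:
            piece = f.read(volume_size)
            if not piece:
                break
            vol = out_dir / f"{src.name}.{n:03d}"
            vol.write_bytes(piece)
            volumes.append({"name": vol.name,
                            "sha256": hashlib.sha256(piece).hexdigest(),
                            "size": len(piece)})
            n += 1
    manifest = {"source": src.name, "sha256": sha256_file(src), "volumes": volumes}
    (out_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_volumes(out_dir):
    """Return the names of volumes that are missing or no longer match the manifest."""
    out_dir = Path(out_dir)
    manifest = json.loads((out_dir / "manifest.json").read_text())
    bad = []
    for v in manifest["volumes"]:
        p = out_dir / v["name"]
        if not p.exists() or sha256_file(p) != v["sha256"]:
            bad.append(v["name"])
    return bad


def reassemble(out_dir, dest):
    """Concatenate the volumes in manifest order; True if the whole-file hash matches."""
    out_dir = Path(out_dir)
    manifest = json.loads((out_dir / "manifest.json").read_text())
    with open(dest, "wb") as out:
        for v in manifest["volumes"]:
            out.write((out_dir / v["name"]).read_bytes())
    return sha256_file(dest) == manifest["sha256"]


def demo(workdir=None):
    """Constructed run: a 10 KiB 'backup', 4 KiB 'discs', then one volume overwritten."""
    workdir = Path(workdir or tempfile.mkdtemp())
    backup = workdir / "system-backup.bin"          # file name is an assumption
    backup.write_bytes(bytes(range(256)) * 40)      # 10240 constructed bytes
    vols = workdir / "discs"
    manifest = split_backup(backup, vols, 4096)     # 3 volumes: 4096, 4096, 2048
    ok_before = verify_volumes(vols) == []
    restored_ok = reassemble(vols, workdir / "restored.bin")
    # Simulate the second volume being scrambled in place, as a backup left on
    # an attached drive would be; the manifest check must flag exactly that volume.
    second = vols / manifest["volumes"][1]["name"]
    second.write_bytes(bytes(len(second.read_bytes())))
    return {"volumes": len(manifest["volumes"]),
            "ok_before": ok_before,
            "restored_ok": restored_ok,
            "bad_after": verify_volumes(vols)}


if __name__ == "__main__":
    print(demo())
```

Keep the manifest with the discs, and keep a copy of it somewhere else as well: a volume that fails its hash is the signal that the copy on that drive has been damaged or scrambled, and that the second location is the one to restore from.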

If you have Windows Vista Home Premium or Ultimate Edition, you have a powerful built-in system backup utility, driven by an easy-to-follow wizard, that will copy a recovery backup to disk or other storage. And you also have a delightful command-line imaging tool called ImageX that I suggest you look into.

The main point I want to get across is that if you should, one day, discover that some Evil Doer has scrambled your files and wants money to descramble them, DO NOT SEND THEM MONEY. RC4 can be broken. You can find the password (the ‘key’) posted on the Internet, and use it to get your files back. You also should take a seriously critical look at your Internet protection apps … either you didn’t have them, or they let you down. Fix that.
If this happened to me, I wouldn’t bother with trying to decrypt my files. I wouldn’t trust that the trojan wasn’t still lurking (possibly as a rootkit), ready to pull the same stunt again and demand another ransom. I would format my hard drive, boot my first recovery CD and restore my system from the backup. This backup would not contain the trojan, because I make system recovery DVDs once a month; it would not contain my most recent files either … those I would recover from a network drive, or live without.
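The remark above that the key could be found on the Internet implies that the malware used one fixed key for every file and every victim; that is an assumption here, not something the post states outright. The following added example (not code from the post) is a textbook RC4 implementation, used to show two things about the encryption described earlier: the same key both scrambles and unscrambles, which is why having the key restores files, and when one key is reused for every file, the original of a single file (say, from an older backup) exposes the keystream and unscrambles the same length of every other file. The key and the two sample “files” are constructed.

```python
"""Added example (not from the original post): RC4 keystream generation,
symmetric scrambling/unscrambling, and keystream recovery from one known
file when a single key was reused across files (an assumption about the
malware, stated in the lead-in). All sample data is constructed."""


def rc4_keystream(key, length):
    """Generate `length` bytes of RC4 keystream from `key` (KSA then PRGA)."""
    # Key-scheduling algorithm: permute 0..255 under control of the key bytes.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation algorithm: keep swapping, emit one byte per step.
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a, b):
    """XOR two byte strings; the result is as long as the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_crypt(key, data):
    """RC4 output is data XOR keystream, so one call both encrypts and decrypts."""
    return xor_bytes(data, rc4_keystream(key, len(data)))


# Constructed sample "files" standing in for a victim's documents.
FILES = {
    "letter.txt": b"Dear Aunt May, thanks for the birthday card. Love, Paul",
    "budget.csv": b"item,amount\nrent,900\ngroceries,240\n",
}


def scramble_all(key, files):
    """Model of the scrambling step with one fixed key for every file (assumption)."""
    return {name: rc4_crypt(key, data) for name, data in files.items()}


def recover_with_known_plaintext(encrypted, known_name, known_plain):
    """Recover files without the key, given the original of one of them.

    ciphertext XOR plaintext gives the keystream prefix; because every file was
    encrypted with the same key, the same prefix decrypts the others. Only as
    many bytes as the known file is long can be recovered this way."""
    keystream = xor_bytes(encrypted[known_name], known_plain)
    return {name: xor_bytes(ct, keystream) for name, ct in encrypted.items()}


if __name__ == "__main__":
    enc = scramble_all(b"fixed-key", FILES)
    print("with the key:", rc4_crypt(b"fixed-key", enc["budget.csv"]))
    rec = recover_with_known_plaintext(enc, "letter.txt", FILES["letter.txt"])
    print("from a known file:", rec["budget.csv"])
```

The second technique only works because of key reuse, which is also why a posted key could unlock every victim’s files; it recovers no more bytes of a file than the known file is long, and it is still no substitute for a clean restore from backup, for the reason the paragraph above gives.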

So. You do have a system backup, right?

Today’s free link: there are many zip utilities out there, and Windows comes with a “compressed folder” zip tool, so selecting one is a matter of taste. They all do basically the same thing: take a big file (or folder) and run a compression algorithm to make it smaller (“zipped”). Some are free and some are for sale — typically under $20. The free zip tool I use is 7-Zip. It has all the features you need, and actually does compress.

Can I ask you a favor? Would you be willing to “grade” me and Tech–for Everyone? I have a brief, 5-question survey I’m asking all my readers to take. Click Here to take the survey. I would appreciate your input. Thanks.

Update 8/16/07: There’s a report on Sunbelt of a new ransomware, and this one only demands $150. Click here for an interesting read.

Copyright © 2007 Tech Paul. All rights reserved.

September 7, 2007 Posted by | advice, anti-spyware, antivirus, Backups, computers, encrypting files, file system, how to, PC, Phishing, privacy, ransomware, rootkits, security, tech, Vista, Windows, XP