Skip to content

Ransomware in the News

December 11, 2016

You’ve never heard of ransomware.  You are simply using your computer like you normally do.  Suddenly a message appears on your screen.  It says that all of your files have been encrypted.  All of your e-mail messages, all of your document files, all of your pictures have disappeared!  The message on the screen demands a ransom, payable immediately, to have your files returned.  That’s ransomware.

Ransomware has been in the news recently.  It could happen to you.  Here’s one news article about it that I saw recently.  I also read the comments that followed that article, just to see what people had to say about ransomware.

One comment stood out for me.  It put the blame on Microsoft, saying that not displaying the file name suffix in Windows was the cause.  By default, Windows displays an icon that represents the file type rather than displaying the file name suffix, which also indicates the file type.  Citing this behavior as the cause is both misleading and unhelpful.

This statement assumes that people will recognize suffixes rather than icons.  It’s not true.  People don’t know that EXE is dangerous but JPG is safe.  They still don’t know when they are presented instead with the icons for these file types.  They only know that they can click on an icon to open a file, or to double-click if that doesn’t work.  Windows, though, does know which file types are dangerous.  Windows displays a warning in a dialogue box when you attempt to open a dangerous file.  It says “some files can damage your computer”, or words to that effect.  Heed the warning.  If you are installing software, you can probably ignore the warning.  Otherwise, tell it not to proceed.  Above all, don’t disable the warning.

It’s files with executable content that causes the infection.  These may be EXE files, but they can also be many document files, some image files, or many obscure file types.  Windows will warn on all of these.  Heed the warning!

I’ve read about many ransomware infections on the SANS web site.  They generally start with an e-mail message that carries an executable attachment.  The e-mail message is very convincing, designed to entice the person to open the attachment.  The attached file looks innocent, but it isn’t.  If the person opens it, it downloads the actual ransomware from a web site, and runs it.  The ransomware encrypts all of the files and then demands payment.  At that point, it’s too late to do anything but restore the files from backup.

How do you defend your computer and your files against such an infection?  Backup is the best way.  Anti-virus software generally doesn’t work in this situation.  The key is to avoid opening executable files, whether they arrive as e-mail attachments or as downloads from web sites.  Corporate installations can prevent ordinary computer users from executing files that reside in their own folders, but people at home don’t have this option.

Once your files have been encrypted, you have few courses of action left.  The best is to reinstall Windows and restore your files from backup.  You could also just reinstall Windows and abandon your files.  Otherwise, you will have to pay the ransom to get your files back.

 

Advertisements

From → Uncategorized

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: