What is it?
How do you get Infected?
How to Avoid It?
How to Recover From It?
What is it?
- Ransomware is the name given to malware (or an attack carried out with it) that takes over your computer system and demands a ransom from you.
- It usually either locks your PC so you can’t get into it, or encrypts or modifies all of your files so you can’t open them.
- It leaves a message on your PC saying that in order to get your PC or your files back you must make a payment (the ransom). This is usually at least 600 USD.
- Since the criminals are operating outside the law, they do not ask for a bank transfer that could be traced back to them; payment is demanded in a hard-to-trace form, typically a cryptocurrency such as Bitcoin.
- There is no guarantee that your PC or your files will be returned to you even if you pay the ransom, and every payment funds the next attack.
How do you get Infected?
There are a few common methods used to get this malware onto your system.
- You receive a telephone call (or an email).
- The caller (or sender) claims to be from Microsoft, from your computer manufacturer, or from your internet provider.
- They claim to have noticed a potentially dangerous virus on your system and offer to scan your system for free and remove the problem.
- While on the phone they give you certain details to make you believe they are legitimate. None of it proves anything: whatever they “know” about you is public or guessed, and the “errors” they show you appear on every healthy PC.
- They then ask you to let them remote into your computer so they can check it out and remove the problem.
IMPORTANT: Neither Microsoft, nor any computer manufacturer, nor any Internet provider will ever contact you this way, nor will they ever ask for access to your system. Hang up immediately and/or delete the email.
- If you let them onto your system, their “scan” is in fact the moment they install the malware, and recovery can be very difficult, if it is possible at all.
- You receive an email with an attachment.
- The attachment could be a “ZIP” or “PDF” file, an Office document, or another file type.
- It comes either from a person you do not know or from someone who would not normally send you such an attachment.
- It could look like an email from a delivery service (FedEx, UPS, the Post Office) telling you to open the attachment to see your tracking information. If you have not requested tracking information, delete the email immediately. If you have requested tracking information, go directly (not via the email) to that service’s website (fedex.com, etc.) and look up the tracking information yourself there.
- If the message is from someone you know, or you believe there might be some legitimacy to it, contact the sender, either by a fresh email (not a reply to this message) or by telephone, and ask whether they sent you something.
- Opening the attachment allows your computer to be infected and possibly made unusable.
How to Avoid It?
- Never, never, never let anyone you do not know remote into your system.
- Only allow support people into your system if you contacted them (or me) for support, never if they initiated the contact.
- Never open unknown or unfamiliar attachments.
- Keep your operating system and your antivirus software up to date.
- Make sure you have a backup of your system, especially the data files, and keep it somewhere the ransomware cannot reach: a backup drive that stays plugged in all the time will be encrypted along with everything else, so use a cloud backup or a drive you disconnect after each backup.
How to Recover From It?
- Firstly, it is important to note that it is not always possible to recover your PC. Over the past 3 months I have dealt with four such “ransomware” attacks.
- One required a complete reformatting of the PC, losing all data (with the exception of pictures).
- In one case the user actually paid the ransom before contacting me and, after significant worry and effort, was able to get the PC back. After the fact I scanned the computer and removed any traces of viruses that were left.
- The third PC was just used for internet access, so there was no loss of data (yet), but as a safety precaution I reformatted the PC back to factory-fresh condition for the user.
- The fourth was the greatest triumph.
- I was able to remove the virus from the system using a variety of tools I have at my disposal; however, the encrypted files could not be decrypted, making them totally useless.
- Luckily the user had purchased the PCGUY / Carbonite backup system (https://www.thepcguy.co.il/cloud-backups/). The original files all existed on the backup.
- After removing the virus, I:
  - initiated a restore of all of the data files
  - removed all of the “encrypted files”
  - removed all of the notifications as to how to pay the ransom. This notification was all over the user’s computer; in fact there were over 12,000 copies of the message on the PC.
- The computer was restored, with all of its data, to full functionality.
The efficacy of the PCGUY / Carbonite backup service speaks for itself.
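The clean-up in the fourth case (restore the originals from the backup, delete the encrypted copies, delete the ransom notes) is tedious by hand when there are thousands of notes, and the one rule that matters is: never delete an encrypted file until a clean copy has actually been put back, because if a file was never backed up, the encrypted copy is the only copy the user has. The script below is an added example written for this page; it is not The PC Guy’s own tooling and not part of the Carbonite service. It assumes a hypothetical ransomware that appends “.locked” to every encrypted file and drops a note named HOW_TO_PAY.txt in every folder (both names are invented for the example), and that the backup has been downloaded to a local folder with the same layout as the user’s data. It builds a small constructed sample tree in a temporary directory so it runs offline.

```python
import shutil
import tempfile
from pathlib import Path

# ASSUMPTIONS (invented for this example, not taken from the page):
# the ransomware appended ".locked" to every file it encrypted and
# dropped a note named HOW_TO_PAY.txt in every folder it touched.
ENCRYPTED_SUFFIX = ".locked"
NOTE_NAMES = {"HOW_TO_PAY.txt"}


def classify(root: Path):
    """Walk root and split the files into ransom notes and encrypted files."""
    notes, encrypted = [], []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        if p.name in NOTE_NAMES:
            notes.append(p)
        elif p.name.endswith(ENCRYPTED_SUFFIX):
            encrypted.append(p)
    return notes, encrypted


def original_name(enc: Path) -> Path:
    """budget.xlsx.locked -> budget.xlsx (same folder)."""
    return enc.with_name(enc.name[: -len(ENCRYPTED_SUFFIX)])


def recover(root: Path, backup: Path, dry_run: bool = False) -> dict:
    """Restore each encrypted file from the backup, then remove the
    encrypted copy and every ransom note.

    An encrypted file whose clean copy is NOT in the backup is left in
    place: it is the only copy the user has, and a decryptor for that
    family may turn up later.  With dry_run=True nothing is changed and
    the report shows what would happen.
    """
    notes, encrypted = classify(root)
    restored, kept = [], []
    for enc in encrypted:
        orig = original_name(enc)
        rel = orig.relative_to(root)
        clean = backup / rel
        if clean.is_file():
            if not dry_run:
                shutil.copy2(clean, orig)   # put the clean copy back first...
                enc.unlink()                # ...and only then drop the encrypted one
            restored.append(rel.as_posix())
        else:
            kept.append(rel.as_posix())
    if not dry_run:
        for note in notes:
            note.unlink()
    return {
        "notes_removed": len(notes),
        "restored": sorted(restored),
        "kept_encrypted": sorted(kept),
    }


def build_sample():
    """Constructed sample data: an infected PC tree and a matching backup."""
    base = Path(tempfile.mkdtemp(prefix="ransom-demo-"))
    pc, bak = base / "pc", base / "backup"
    for d in (pc / "Documents", pc / "Pictures", bak / "Documents"):
        d.mkdir(parents=True)
    # clean copies that the backup service kept
    (bak / "Documents" / "budget.xlsx").write_bytes(b"clean spreadsheet")
    (bak / "Documents" / "letter.docx").write_bytes(b"clean letter")
    # what the PC looks like after the attack
    (pc / "Documents" / "budget.xlsx.locked").write_bytes(b"\x00garbage")
    (pc / "Documents" / "letter.docx.locked").write_bytes(b"\x00garbage")
    (pc / "Pictures" / "holiday.jpg.locked").write_bytes(b"\x00garbage")  # never backed up
    for d in (pc, pc / "Documents", pc / "Pictures"):
        (d / "HOW_TO_PAY.txt").write_text("Send 600 USD to get your files back")
    return pc, bak


if __name__ == "__main__":
    pc, bak = build_sample()
    print("dry run:", recover(pc, bak, dry_run=True))
    print("for real:", recover(pc, bak))
```

Run it with dry_run=True first and read the report: “restored” is what the backup will give back, and “kept_encrypted” is the list of files that were never backed up and are therefore lost unless a decryptor appears. Only the real run removes anything, and it copies the clean file into place before it deletes the encrypted one, so an interrupted run never leaves a file with neither copy.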