Losing access to your files, whether precious photos or business documents, is something we hope you never experience. But if the worst happens and your PC and other kit ends up infected with CryptoLocker or some other ransomware, what should you do? Will the hackers actually honour the payment and hand over a decryption key? Here’s what we know.
Update 7 March: The first ransomware attack has hit OS X over the weekend. Users of the popular Bittorrent client Transmission found that a version of the software was infected with the OSX.KeRanger.A malware. Apple has already blocked the certificate and the makers of Transmission have issued a warning to avoid version 2.90 and install the newer 2.92.
Ransomware scams: your options
Recently, a hospital in Hollywood hit the headlines after it admitted that it paid almost $17,000 to get back critical files including patient data. According to reports, the criminals did unlock the hospital’s files and all was well just 10 days after the attack.
But there are no guarantees that the criminals behind all ransomware variants will do the same. If you pay up, you risk getting nothing in return.
Companies rarely admit to paying ransoms, because this also admits that their network was compromised in the first place. Therefore no-one is quite sure of the exact likelihood of getting your files back if you do choose to hand over the cash (or, more typically, Bitcoins).
Free ransomware decryption tools
Typically, the ransom is several hundred pounds, which is cheaper than employing a data recovery firm to attempt to decrypt the files. But before you pay anyone, check if there’s a freely available tool which will do the job.
If you are a Locker victim, then see this thread on Pastebin
Ransomware scams: to pay or not to pay
The first task, then, is to find out which exact malware has encrypted your files, then search online to see if a decryption tool is available.
If not, check if you have backups which are up to date enough to avoid having to pay the ransom.
And if you have no backups, the FBI’s advice – amazingly – is to go ahead and pay it. It says that it’s often the quickest and cheapest way to solve the problem, but not everyone agrees.
There are two main schools of thought. The first is that the bad guys want to make it as easy as possible to pay and get your decryption key. After all, they want other people to pay up and not hear that people have paid and got nothing. Hence, you should follow the instructions when you see the ransom on screen and you’ll get your data back.
The second is that the bad guys have no incentive to hand over the key. For one thing, contacting people makes them easier to trace, but the main point is that they’re anonymous, so they have no reputation to protect. Also, people who’ve paid the ransom and got nothing are hardly going to shout about it: they’ve just lost money to a scam and are no closer to getting their files decrypted.
Further, even if you do get a key or some tool to decrypt your files, you’re still not safe. The criminals might still have access to your machine and hold it to ransom again.
Those who would advise you not to pay would also warn against believing stories such as the Hollywood hospital case, as the criminals will go to great lengths to post fake testimonies about successfully decrypting files in order to persuade victims to pay up.
How to guard against ransomware
If you’re reading this having suffered a ransomware attack, the following advice probably comes too late. But if you haven’t, there are several things you should be doing:
1 – Make regular backups of any and all files you can’t afford to lose. Don’t assume that cloud backups or cloud storage is immune from ransomware: many services sync files with those on your hard drive and could well overwrite unencrypted files with the newer encrypted ones. The best plan is to make multiple backups which include copies on hard drives or any media which is not connected to a computer or the internet. A portable USB hard drive is ideal.
2 – Keep your antivirus and internet security software up to date and ensure you are using software which can protect against all types of malware, including ransomware.
3 – Be ever more vigilant about which email attachments you open and links you click on. Ransomware usually relies on human vulnerabilities, rather than weaknesses in security software. Even if an email or attachment is from a person you know, or a service provider you use, double-check that it is genuine. If in doubt, don’t open the email, let alone open an attachment or click on a link that will supposedly take you to a page where you can enter your banking details.
See also: How to protect yourself from CryptoLocker, GoZeus and other ransomware. For more on the latest scams, see How to avoid getting scammed.