Posey's Tips & Tricks

Don't Pay the Ransom!

Even adhering to best practices won't completely protect you from malware infection.

I have a confession to make. As a child, growing up in the '80s, I thought that computer viruses were a fabrication of Hollywood. It wasn't until I had a brush with a virus called Yankee Doodle that I learned that viruses were real. Since that time, I have removed countless infections for friends, family members and clients.

I have to admit that about ten or twelve years ago, I thought that there was a realistic chance that the malware battle might be won. Although not widely publicized, some of the foreign antimalware research groups were making extraordinary breakthroughs in malware detection and in malware damage repair. I incorrectly assumed that these advances, combined with new layers of security built into the hardware and into the operating system, would eventually lead to malware extinction. Of course my prediction was completely wrong. Malware is a bigger threat today than it has ever been.

So what happened? Basically, the malware game has changed. Malware was once a form of cyber vandalism. Some of these early viruses, such as the benign Cookie Monster Virus, were even somewhat amusing. Today, however, malware has become big business. Malware creators have found that they can easily use malware to extort cash from their victims.

On the surface, malware-based extortion scams seem difficult to avoid. After all, there are about a zillion different variants of these scams, and I have seen computers that were protected with the latest antimalware software become effortlessly infected. Even so, there are a couple of ways of avoiding paying up.

I will spare you the lecture about keeping your antimalware software up to date, backing up your system religiously, and avoiding message attachments from non-trustworthy sources. Even though you should adhere to these best practices, none of those best practices are guaranteed to prevent malware. After all, I have on occasion suffered a malware infection simply by incorrectly typing the name of a popular Web site and accidentally visiting a malicious site as a result.

The first thing that you need to understand about the current crop of malware is that there are two main types of malware currently being used to extort money from victims. The first type is far more benign than the second. It consists of a message that is displayed within the browser informing the victim that the computer has become infected with a virus.

I can't tell you the exact message that is displayed, because there seems to be an endless variety of such messages. I have personally seen four or five different variations, and have read about several others. Some display simple text messages, while others are more elaborate and may even provide the victim with a verbal warning message. In any case, however, the message tells the victim to phone a tech support number to have the virus removed. I know a few people who have actually called the number, and they have told me that the phony tech support department tried to charge them $500 to make the message go away.

Keep in mind that this particular scam doesn't actually infect the system with malware (depending on your definition of malware), but it does hijack the browser. There is no obvious way to get rid of the fake virus warning message.

I have had success in getting rid of such messages by closing the browser, and then entering a known safe URL into Cortana. This causes Cortana to open the browser, with the requested site displayed on a new tab. It is then possible to close the offending tab, thereby making the browser usable once again. For whatever reason, this technique permanently removes the message (at least it has for me).

The other type of malware that has been rearing its ugly head lately is ransomware. As I'm sure you know, ransomware encrypts the victim's files. The victim must then either pay the ransom, or restore a backup (if one exists) in order to regain access to their files.

While there is still no foolproof way of reversing a ransomware encryption, help may be closer than you think. Intel, Kaspersky Labs, and Interpol have teamed up to create a Web site called No More Ransom.

The No More Ransom site is designed to help victims to decrypt data that has been encrypted by ransomware. While the site openly admits that there is not a solution to every type of ransomware, it does provide decryption tools for some of the more common types of ransomware. Obviously, it is best to try to avoid ransomware infections if at all possible, but if you do happen to get infected then I highly recommend a visit to nomoreransom.org.

I don't think that malware is ever going to be completely vanquished from the Internet. There will always be someone who wants to do harm to others, whether for profit or for entertainment. Even so, there is a lot of work being done to prevent malware from being effective.

About the Author

Brien Posey is a 22-time Microsoft MVP with decades of IT experience. As a freelance writer, Posey has written thousands of articles and contributed to several dozen books on a wide variety of IT topics. Prior to going freelance, Posey was a CIO for a national chain of hospitals and health care facilities. He has also served as a network administrator for some of the country's largest insurance companies and for the Department of Defense at Fort Knox. In addition to his continued work in IT, Posey has spent the last several years actively training as a commercial scientist-astronaut candidate in preparation to fly on a mission to study polar mesospheric clouds from space. You can follow his spaceflight training on his Web site.

