Malware that attempts to part victims from their money is nothing new. Some viruses attempt to discover credit card information that can then be used or sold. Other threats look to steal passwords to important accounts. And phishing, which isn’t a virus at all, tries to trick users into providing login information to a fake website.
All of these tactics work behind the scenes, however. When they succeed, the victim doesn’t know it. There is another threat, called ransomware, that attempts to leverage the authority of some well-known organization to extract money directly from victims. Here’s how it works and what you can do to avoid it.
Holding Your Computer Hostage
The concept behind ransomware is simple. When the virus infects a computer it prevents the user from opening any programs or accessing any important system functions.
The simplest examples of this threat will only override the normal Windows shell. Some may even modify the master boot record, which will send the user directly to a payment screen every time they attempt to boot their computer. All the user’s files are intact but they cannot be accessed through the operating system because of modifications to the interface.
Other threats will take matters a step further by encrypting files on the victim’s hard drive. This makes them unreadable even if the victim attempts to extract them from another, uninfected computer. Files that are encrypted are often effectively destroyed, since they cannot be read. This is yet another reason to use a backup solution.
Give Me Your Money, I’m With The Cops
If you’ve ever watched a Mafia movie before – or perhaps a few episodes of the Sopranos – you’re probably familiar with extortion. A mob boss wants to have a building torn down so he can build a new strip club, so he suggests that bad things might happen to the building’s owners if they don’t sell. Bad stuff can happen to good people, you know?
Some of the more recent examples of ransomware have begun to use extortion as an element. Instead of making criminal threats, however, they make reference to legitimate organizations such as law enforcement.
One recent virus, called FBI Moneypak, informs victims that they have been found guilty of copyright violations and therefore need to pay a fine of $100 in order to unlock their computer. A similar virus has targeted citizens of the United Kingdom since 2011. It claims that the Metropolitan Police have connected the victim’s computer with child pornography and other crimes and the victim must pay 100 pounds to unlock their computer.
Some other recent viruses use established movie and music trade organizations instead of law enforcement and claim that the victim must pay to avoid further prosecution for copyright infringement. In all cases, posing as an authority gives the virus extra leverage because victims fear they will receive jail time or be sued if they don’t pay.
Clever Use Of Phone Charges
The people who want to take your money via a virus aren’t dumb. They’re always coming up with new and inventive tricks, the most recent of which is the clever use of phone charges.
Ransomware that makes money in this way won’t ask you to input payment information on your computer. Instead, you’ll be asked to call or text a certain number. In today’s wireless world many people forget that long distance calls still exist and can become extremely expensive.
A virus rolled out in 2011 used this trick. It claimed the victim’s version of Windows had to be re-activated and provided a long-distance phone number. When a victim called, they were placed on hold to rack up charges.
Don’t assume that a message is legitimate just because it asks you to make a call or send a text message. You can sometimes be charged ludicrous sums for these everyday actions if you contact the wrong number.
What Can You Do To Avoid Ransomware?
There are no special steps that must be taken to avoid this threat. It is different from other viruses because of its payload (the damage it causes to your computer) instead of the way it spreads. You should protect your computer by installing an anti-virus and firewall. You should also become familiar with best security practices such as avoiding malicious websites and email attachments.
If you are in doubt about a message that appears on your computer, leave your computer and look for information on another PC. Never use a computer that you think has been infected by ransomware to find additional information about a virus. It’s not difficult for a virus to redirect your web searches.
Remember, no law enforcement agency or company will take your computer hostage, so it’s safe to assume any message asking that you pay to unlock your computer is the result of a virus. Even Microsoft will not lock your computer if you do not pay for the operating system.
Ransomware does not always unlock a system once the ransom is paid. You also have no way of knowing if the infection has been entirely removed. Recovering your system from backup may work. If it does not, you should re-format your drive and re-install your operating system.