Having heard that I was someone who might know a thing or two about bitcoin, they reached out to me. My first question was, do you have backups of your important files? He said that his backup procedure had been broken for a while, so he didn’t have one. This is the number one thing you can do to avoid paying ransom. If you have a backup (preferably one on-site and one off-site), then you can just format the computer and reinstall everything fresh.
They were in a hurry as there were mission critical files on the infected computer, so I told them I could help them turn some cash into bitcoin since the Keene Bitcoin Vending Machine at Route 101 Local Goods is closed on Mondays. However, I cautioned that they still have to trust unknown hackers to actually do as they say and unlock the files once the payment is made. (Turns out, they did decrypt the files about ten hours after he paid the ransom.) I then did some digging online for solutions to avoid paying the extortion.
Turns out, paying the ransom or formatting the computer aren’t the only two options, according to some of my even-more-techy friends in the New Hampshire bitcoin community. The most promising options are ransomware decryptors. Kapersky Labs, along with Intel and others, have a website set up with instructions and downloadable files to attempt to unencrypt your files. Another handy site, “ID Ransomware” will assist you in determining which specific ransomware you’re dealing with.
There’s also a small chance the ransomware didn’t even lock the files as it’s claiming. One expert says if that’s the case, “I would boot the computer from a Linux live CD and access the files, then get the files off the computer (e.g. copy to a thumb drive or external hard drive).”
In short, there ARE options, if you’re willing to put the time in. It may seem easiest to just pay the ransom, but that will only serve to encourage the hackers. If you have the ability to put some time into the options listed, it may save you some big money.
If you’re NOT yet infected by ransomware, congratulations! You have plenty of time to take some preventative steps, but you should do something sooner rather than later, especially if you have no protections at all in place. Here are a few options that I’m aware of:
- If you don’t have an anti-virus, anti-malware program on your computer, get one installed right away. Avira is a good, free option.
- If you don’t have your most-important files backed up on-and-off site, do that now. Dump ’em to a flash drive or DVD locally (which you can securely store) and sign up for an online backup service like CrashPlan. (I’m not getting paid for these recommendations, by the way – they are what I use. Perhaps there are better options, so of course you should compare them.)
- Avira also recommends applying system updates as your operating system recommends. Yeah, no one likes to do it, but those updates can fix exploitable weaknesses that the hackers target.
- Make sure you’re behind a firewall. You can run a firewall on both your router and your machine for extra security. Many operating systems come with this turned on by default, but it wouldn’t hurt to familiarize yourself with it.
- Finally, just be aware of suspicious links, email attachments you didn’t ask for, and phishing attempts. You’re not being paranoid if they actually ARE out to get you.
Thankfully, the victim of the ransomware in Keene was not holding anything against bitcoin. He seemed to understand that it’s just another form of money. Like cash, bitcoin can be used anonymously. That is one of the features of bitcoin, but of course with every technological advancement there are those who will use the technology for evil. Hopefully some of the suggestions here were of use to you.
To learn more about bitcoin, which is the amazing cryptocurrency taking the world by storm that you can spend online in thousands of places and even in real life in downtown Keene, please goto Bitcoin.com. If you’re in the Keene area and on facebook, you can connect with a bunch of local bitcoiners on the Keene Bitcoin Network facebook group. Or, come to our twice-monthly meetings, which you can find on the calendar here.