A ransomware virus usually begins with a pop-up screen telling you that your computer has been infected with hundreds of viruses and that you need to buy a program like “Superantivirus pro 2013” to get rid of them (often they ask for about $80). These viruses are also called “Fake-Antivirus,” because they do not deliver what they promise. On the contrary, you are being lied to. After you pay the money, the program turns off the fake messages, but leaves your computer infected with the fake antivirus. Even though you might not get fake messages for a while, it’s still there. After you have paid the money you might think all is fine, but remember, you gave them your credit card information. Check your credit card bill very carefully; you might encounter credit card fraud, too. Variants of this type of virus have been out for years now, and are still infecting computers today.
Next generation, the “FBI Virus.” One problem ransom-virus attackers had was that people declined the credit card payments later, and that paying with a credit card leaves more traces that make the money trail easier to follow. So a new version surfaced lately, the so-called “FBI virus.” This nasty virus freezes your screen with a pop-up telling you that the FBI has encountered a copyright violation (perhaps illegal downloads or porn related). It might show you an IP address and, on laptops, even a snapshot of you taken with your own webcam! Sadly, this seems to easily convince people to pay the ransom of $200. The catch is, they say this has to happen within 72 hours or the FBI will be at your door. The website accepts only “cash.” Yes, they make you go to Walmart or a similar store to get a money order. One of my employees actually met someone standing nervously in line at Walgreens to get a money order. Luckily, they talked about it, and this person found out in time about the hoax. Fortunately, this virus can be removed without causing any harm to your computer information.
Generation 3. Encryption. So, I thought we had seen it all. Two weeks ago, a client brought in a computer that seemed to have had the FBI virus, but it was worse. Any program you tried to run would go to a website asking for $300 in order to give back access to the client’s computer and data. The client tried to fix the problem by himself by doing a computer restore to an earlier date, and, in this way, was able to get his programs to start up again. But then he found out that all of the data files were “encrypted.” Yes! All data files, pictures, or documents had been converted to “html”-files. Once you tried to open them, it brought you right to a website asking for “ransom.” This is why these viruses are also called ransomware. Our tools couldn’t find any infections on the hard drive, either because the client had already removed the virus or, as we know now, the virus removed itself, leaving just the encrypted files behind. Since this virus is still so new, there is only limited help available, but we were able to decrypt the files. Whew.
What should you do? The very best protection against viruses like these is regular backups (to minimize data loss) and extreme caution when opening emails and surfing websites. Up-to-date virus protection is helpful, but no antivirus software can deliver 100% protection.