Ransomware such as Cryptowall or Cryptolocker will encrypt your files, and the files on mapped network drives, then demand that you pay a ransom to obtain the key necessary to decrypt your files. The ransom usually starts at $500 and may be as high as $1000… some increase after x number of days as well. The ransom is usually payable only in digital currency such as Bitcoin.
How does it spread?
These infections usually arrive by email attachments such as zip files. The best rule of thumb is to never open an attachment if you don’t know where it came from. Even if you know the person that sent the email, if the wording of the email, subject line, or name of the attached file seems odd, don’t open it. Ignore the obvious spam emails that promise riches, and the ones that say you have a non-deliverable package, etc.
How Do I Know If I Have It?
Usually the ransomware will open a message to let you know it’s encrypted your files and where to send the payment, but sometimes you can’t access your files and when you look in the folders you’ll see files with filenames with decrypt in them. These files will contain the instructions for getting the key. There are some things out there that say you have to pay a ransom but do not encrypt your files… after step two below, verify that you cannot read your documents and view your images.
I’ve Got it, What Do I Do Now?
- Scan your drive with a tool such as MalwareBytes to remove the infecting files. Only proceed to the next step once you’re sure the virus has been eliminated because some will take more destructive action if they detect you’re trying to get around them. Click here for a page I put together listing the tools I use to clean up infected PCs as well as my recommended anti-virus product.
- Search on the name of the ransomware you have been infected with and see if there’s a free solution available. There are for some of the older versions such as CryptoLocker here: www.DecryptCryptoLocker.com, but with newer variants you’ll have to pay to decrypt.
- Step three is to decide if you’re going to pay the ransom or recover your files from a backup. What you have no backup? That’s what the criminals were counting on!
I Need to Pay the Ransom, How Do I Get Bitcoin?
The majority of people don’t even know what Bitcoin (BTC). A lot of those that do know what it is have never used it. So how does one get BTC? You purchase it from an exchange, or a person. If you’re in a large city you can probably find a place to walk-in and purchase BTC, otherwise you’ll need to deal with an exchange. I do not recommend meeting someone you don’t know, in person, to purchase BTC: you’ll pay a very high premium and it may not always be safe.
Important – Don’t Tell Them You’re Paying a Ransom!
If you’re purchasing BTC, or other digital currency to pay a ransom, DO NOT TELL THE EXCHANGE WHY YOU’RE PURCHASING IT – they won’t sell it to you. They do not want to participate in illegal activity and will simply wish you good luck and tell you goodbye. Employees of these businesses have been told to never participate in any illegal dealings. One person at an exchange told me that they get a lot of these types of requests and that he wishes he could just tell people to call back and not mention the word ransom…
Purchasing BTC with USD Can Be Slow
Purchasing BTC with USD, or any FIAT currency, can be slow. The problem with purchasing BTC through an exchange is the wait time to get an account setup. You have to provide proof of your identity: usually a photo of you holding a photoid and a copy of the same photoid. You also have to provide either a credit card, or bank account. Most exchanges in the US only use bank accounts. A few will allow you to make the purchase with a credit card (only certain credit cards too). You will have to provide proof it’s your credit card, usually by a photo or video you holding your photo ID and your credit card. They’ll start you off with a small limit and then once you’ve made a purchase your limit will increase. If using a credit card, your BTC will be available in a short amount of time – 10 to 15 minutes. If you use a bank account transfer, it can take days for the money to show up in your account at the digital currency exchange. Once you have funded your exchange account with dollars, you can purchase BTC with it and then send the Bitcoin to the address the ransom instructions gave you. You’ll then get your key and can decrypt your files.
Get more than you need to pay the ransom… there are fees the exchange charges to sell you the BTC, and small transfer fees to transfer the BTC to the thief’s account, so have a little extra.
Again, do not tell the exchange you’re purchasing BTC to pay a ransom. Just ask them for quick verification and limit increase because you’re in a hurry.
Hopefully if you’re not experiencing this problem yet, you now understand the importance of having good, current backups stored on something NOT connected to your PC all the time.
My Recommended Exchange for Purchasing Digital Currency
You may ask why do the creators of the ransomware want the payment in Bitcoin? Bitcoin and other “crypto” or digital currencies are distributed, meaning they have no central authority. Transactions in Bitcoin and other digital currencies are non-refundable: because there is no central authority such as a bank to complain to and have the ransom payment reversed. Some say this is a big problem for digital currency, however, in my opinion, this is one its biggest strengths. The non-refundable part does make it ideal for criminals, however, the advantages of being a distributed currency outside the control of banks and governments outweigh the few minuses. Read my blog posts on Digital Currency to learn more.
A lot of people think that Bitcoin and Digital Currencies are anonymous, but they’re not. In fact with the exception of currencies specifically designed to be anonymous, it’s easier to track where coins went and when they were transferred, it’s just harder to tie them to specific individuals but it’s not impossible.
Until next time,