Crypto Malware – How to avoid it and what to do if you get hit.

Crypto malware has been around for a few years now. It really is the stuff of legends, only it’s very real. It sneaks onto your computer when you’re not aware and encrypts (scrambles with a code) all your documents, photos and other important files, then demands a ransom to decrypt them again. Read on to find out how best to avoid it and what to do if it strikes your PC.

How to avoid it?

  • There is no foolproof way to avoid crypto malware. Actually, there is – disconnect your computer from the Internet – completely!
  • Don’t assume that your virus scanner will pick it up. Many of the new crypto malware strains use legitimate operating system commands to do their “dirty work” so they fly “under the radar” of the virus scanners. Instead, they use social engineering to trick you (the recipient) into doing things which, to you, look OK.
  • Notwithstanding the advice above, do install an anti-virus / anti-malware system on your computer(s) and make sure it’s kept up to date. This means that there is a chance that the older malware strains will at least be detected. It is best, though not mandatory, to use one that you have paid for as the free ones can often be too basic.
  • Keep your operating system up to date. It’s fair to say that all operating system vendors release patches or updates to their operating systems from time to time. Yes, there are the occasional updates which cause problems by themselves but, by and large, you’re better off installing those which are, at least, marked as “Security” or “Critical” updates.
  • On the subject of operating systems, don’t assume that because you’re not using Windows you are immune to crypto malware, or any other malware. There are reports of a crypto malware doing the rounds on Apple OS X systems! Malware creators will go after the most popular operating systems. This is why Microsoft Windows has more than its fair share of issues in this regard. Like everyone, they (the malware creators) want the best return on their evil efforts! It doesn’t, unfortunately, mean that the others will not be attacked.
  • One recent version of crypto malware arrives as a Microsoft Word document attached to an email. When the recipient opens the document, there is a page of text which, basically, says “If you see this text it means that the document hasn’t loaded properly”. It then goes on to instruct the recipient to enable Word macros to complete the loading process. Guess what that does? Right! It runs the malware code and because you gave it your permission to run, it effectively bypasses all protection! That’s social engineering!!
  • The moral of that one is – Be aware of what you are doing! ESPECIALLY if a document you received by email says to do things you wouldn’t normally do!
  • Don’t ignore security prompts. Most operating systems today will, if they have been set up properly, alert you to any suspicious activity. Do you really want XYZ to make changes to your computer? Count to 5 and think about it. Did I just run something? Do I know what that program is or what it does? If in doubt say NO. If it keeps coming up, call your IT support company.
  • Do check the grammar and spelling in emails you receive “out of the blue”, particularly those with hyperlinks or attachments, even if they are, or appear to be, from someone you know well or deal with on a regular basis. Email return addresses can easily be forged. If in doubt, call the sender and ask them if they sent you a particular email.
  • Be suspicious. Everyone should know by now that banks, Inland Revenue and any other institution dealing with your money will not EVER ask for anything from you in an email. If you get an email from, say, your bank asking you to click this link to “confirm your account”, DON’T! The same applies to emails that appear to come from your email provider itself. Never enter any username, password or PIN code into any site that you’ve gone to by following a link in an email. You will find yourself locked out of your email or social media account or, worse, find your bank accounts empty within the hour!
  • Backup. Backup. BACKUP. Also test the backups by doing regular test restores. Anyone can get caught in a moment of confusion. A backup is your safety net. Make sure you have one, or two, or three!

What to do!

  • If you are unlucky enough to be infected with a crypto malware, chances are you won’t notice anything for a while. That is because the program does its “dirty work” first and then tells you that it’s happened much later! By chance, you may have difficulty opening a document or a photo that you’ve been working on recently. If this happens, immediately shut down your PC/laptop and call your IT support company.
  • If you’re in an office environment, make sure you alert someone that it has happened. Like anything, catching it early can minimize the damage caused. Don’t be tempted to try to “fix” things yourself or, worse, ignore it. This particular malware is VERY nasty and will encrypt (effectively scramble) every document that it can find on your computer and any other computer, server or storage device that it can connect to. In a network environment, it is particularly important that whoever first discovers any irregularities with opening common documents alerts those in charge of the IT systems. The best way of dealing with it is to immediately shut down ALL computers and servers and then carefully eliminate “clean” computers until the infected computer(s) can be found and “cleaned”. Make a plan and ensure everyone knows to follow it.
  • Don’t pay the ransom! The malware creators will demand a “ransom” for decrypting your files. Don’t pay, it only encourages them!! Seriously.
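
For whoever does the clean-up, the "can't open a document or photo" symptom can be checked across a whole folder or a restored backup. The following Python sketch is an added example, not part of the original article: it compares the first bytes of each file with what its extension should start with and lists the files that no longer match. The signature table covers only a few common types, and the sample folder is constructed for the demonstration.

```python
import os
import tempfile

# Expected leading bytes for a few common document and photo types.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".pdf": (b"%PDF-",),
    ".docx": (b"PK\x03\x04",), ".xlsx": (b"PK\x03\x04",),
    ".doc": (bytes.fromhex("D0CF11E0A1B11AE1"),),
}

def scan_headers(root):
    """Return (files of known type checked, sorted paths whose header is wrong)."""
    checked, bad = 0, []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            sigs = MAGIC.get(os.path.splitext(name)[1].lower())
            if sigs is None:
                continue                  # type not in the table, cannot judge it
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(8)
            except OSError:
                continue                  # unreadable file, skip rather than guess
            checked += 1
            if not head.startswith(sigs):
                bad.append(os.path.relpath(path, root))
    return checked, sorted(bad)

def demo():
    """Constructed sample folder: two intact files, one scrambled, one unknown type."""
    samples = {
        "report.pdf": b"%PDF-1.7\n",
        "photo.jpg": b"\xff\xd8\xff\xe0JFIF",
        "budget.docx": bytes(range(200, 232)),  # stands in for an encrypted file
        "notes.txt": b"plain text has no fixed header",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, content in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        return scan_headers(root)

if __name__ == "__main__":
    checked, bad = demo()
    print(f"{len(bad)} of {checked} known-type files have a wrong header: {bad}")
```

Run it against a copy or a restored backup rather than on the affected machine; a large share of mismatches shows how far the encryption got and which backup set is still clean.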

Be safe out there! For further information, contact UPBEAT Business Computing.
