You turn on your computer, only to find that you’re locked out of all of your files — everything from work documents to family photos. There’s an ominous message on the screen demanding that you pay a fee to regain access.
That nightmare scenario has become all too real because of ransomware, a type of computer virus that cybercriminals around the world are using to scam money out of unsuspecting individuals and businesses. It’s nasty stuff, and it’s on the rise.
To learn more about it and how to prevent it, we talked to Geek Squad Agent Matt Dockery from our data recovery team at Geek Squad City in Kentucky.
What is ransomware?
Agent Dockery: Ransomware is basically an advanced form of malware that changes the file extension (e.g., .jpg, .doc, .pdf, .xls, etc.) of every affected file on your computer to a random extension with very heavy encryption. Then they leave a note that essentially says, “Your computer is infected. If you go to this random site and pay us money, we may unlock your files for you.”
These viruses can be hidden within spam and phishing emails, pop-up ads, downloads from unsecured sites, torrents — pretty much anything you can download onto your computer. Even things people wouldn’t normally think about, like browser cookies, can allow the malware creators to track what you’re doing and target specific pop-up ads for you.
When I first started seeing ransomware infections as an agent in a store precinct several years ago, they were very simple things that you could just go into the computer’s registry and delete. Now, they’re advancing to the point where they can lock your computer. They can even infect your phone, tablet or smart TV. Windows and Android devices seem to be more susceptible to these types of infections, but Apple OS devices are not immune.
How can I prevent it from happening to me?
Agent Dockery: The best way to avoid it is to keep up-to-date antivirus software and internet security on any device that you’re using, whether it’s your computer, your tablet or your smartphone. I recommend that people set their antivirus software to automatically update twice a day, because some of these variants of the ransomware will change on a daily basis or even every couple of hours.
Never click on links or open attachments from email addresses you don’t recognize, and be sure to delete your cookies after you’re done browsing. The longer a cookie sits, the more information it can gather about you and the more time it has to be used against you. I have my browser set to auto-delete every bit of browsing history every time I close the browser.
What should I do if it happens to me?
Agent Dockery: Definitely do not give scammers any financial information because that will put you at risk for identity theft and credit card fraud. If people kidnap your dog and hold it for ransom, you’re not going to trust them with your credit card information. Don’t expect them to be honest people if their life’s work consists of trying to steal other people’s data.
The easiest way to get rid of ransomware is to bring your device to a Geek Squad precinct. The software we use is very good at getting rid of some of that stuff because it works outside of the infected operating system. Online support can sometimes help with that, but it’s hit or miss. It really depends on the severity of the ransomware.
The most surefire way to get rid of one of these viruses is to do a complete factory restore to get everything back to the original, out-of-box settings, so my biggest recommendation is to keep your data safe in case this happens to you. Regularly backing up your data on external media, such as a flash drive, external hard drive or the cloud, will prevent you from losing your crucial data. Clouds are probably your safest bet, just because they are less likely to fail. In data recovery, we deal with broken hard drives and broken flash drives that were people’s backups.