Fake ransomware does real harm: read this first

May 26, 2017. This week as a customer service we sent out a notice to clients warning of the dangers of fake ransomware. We've copied it here to help others avoid financial and data losses from real and fake ransomware attacks.

Valued clients: We rarely send this type of notice because we all get too much email, but there is a new ransomware scam we want to warn you about.

The apparent attack occurs when you visit an infected website but it can come from any site that uses web content. We had an experience with this yesterday in the standard Windows News app when I clicked on a story.

The symptom: you receive a popup notice stating that your computer has been infected with ransomware. It may warn you not to shut down or reboot your computer or you will lose your data. It may tell you that your files are encrypted and inaccessible. You will not be able to close the popup message and your browser will be locked. Typically, there are boxes on the bottom of the notice for you to input your credit card information to "unlock" your files.

This scam leverages public fear of the recent WannaCry ransomware attacks to make users react quickly with payment information. But, in most cases, there is no ransomware: the computer is not infected with anything other than an annoying popup. It's a trick, but it's effective. If you panic and contact the perpetrators, they will ask for remote access to fix your computer, at which point they can install malicious software on your computer. You can also be sure they will retain your payment information for future use.

If you get a notice indicating your computer has ransomware please do the following:

1. Do not panic! You may not really have ransomware. Hackers rely on fear to get people to pay them and let them into their computer. Do not click on anything within that popup notice. Don't call or email them, and do not supply payment information. Under no circumstances should you allow anyone connected to that notice remote access to your computer.
2. Check if you can access other programs or folders on your computer. True ransomware usually locks you out of everything. With the hoax, you can still open and use other programs.
3. With the program that produced the popup active on your screen, press alt-F4 on your keyboard. This forces the program in focus to close. If it closes, the ransomware is likely fake. You cannot bypass real ransomware that easily. (You could also use ctrl-alt-delete to bring up the system menu, then use the Task Manager to close the program). If you are using a Mac, try Command-W. True ransomware will keep coming back, even after you reboot.
4. If you think you are victim of a true ransomware attack or want to be certain an attack was fake, consult a tech expert for advice before taking action.
5. The above notwithstanding, ransomware is real and it's getting easier for hackers to distribute. Several years ago many computers were hit with worm viruses that destroyed files. There will always be new threats. The remedy remains the same: never run a computer without an up-to-date virus checker and firewall (we recommend BitDefender, but there are many good options). If you have sensitive information on your computer, you may also consider keeping it on an encrypted drive. Regularly back up important data because there are a host of issues that could cause data loss (the most basic of which is hard drive failure).

Special note to Mac users: The myth persists that there is something inherent to Mac computers that makes them virus-proof. This is not true. Modern Macs use the same Intel processors as PCs. Macs are not targeted as frequently because they have a smaller market share and major businesses and public institutions are more likely to use PCs. There is a valid concern that Mac users are among the most vulnerable to a major virus attack because they have a false sense of security and are much less likely to run virus checkers and firewall software. Also, while Microsoft has invested enormous resources into closing security holes in Windows in recent years, Apple has not followed suit because there have been fewer attacks on their systems. No computer or software is virus-proof. Ensure your computer is protected.

The cobweb team covers the full range of document development services including content development, editing, layout, design, and print and web production. Contact us to learn more.