What to do if hackers hold your computer for ransom

For years, you’ve probably heard of viruses, Trojans and online scams, but a new breed of hostile software is invading the Internet, and it’s bringing everyone from dog shelters to universities to even police forces to pull out their wallets for criminals.

This week, the owner of a Canadian dog shelter was briefly put on the spotlight for being forced to pay ransom to online hackers to get her computer files back. This came during the same week when the University of Calgary paid $20,000 in ransom to restore access to the staff’s emails. This form of malicious software—called ransomware—is increasingly targeting Canadians, says Chester Wisniewski, a senior advisor at cyber-security company Sophos Canada. He’s observed that ransom demands usually hover around $700.

How to avoid online scams »

While it may sound like a foreign concept, cyber-security corporation Symantec estimates that Canadians were affected by over 1,600 ransomware attacks per day in 2015. We take a look at how to protect yourself, and what to do if you get hit.

1. Think before you click

Wisniewski estimates that roughly 75% of attacks are coming in the form of deceiving emails. These emails claim to come from a trusted source, like the Canadian Revenue Agency, Canada Post, or the Canadian Association of Chiefs of Police. When you open an email attachment or link, it downloads malicious software that locks up either your whole computer or some of your files. A message would appear, saying that the only way to get back your beloved family photos or important tax return information would be to pay the ransom.

“You’re never going to get an email from the CRA,” says Wisniewski, before laughing: “And Canada Post can barely bring a package to my house; it seems unlikely they’ll send you a message.”

phishing attack — Some online criminals will send fake emails appearing to be from trusted sources. (Richard Smith/Flickr)

If you’re ever unsure about a particular link or file, a free online service called VirusTotal.com will allow you to enter a link or upload a file, and have it scanned by multiple anti-virus software.

2. Make sure your anti-virus software is on, and up-to-date

Everyone hates annoying iTunes or Windows updates, but Symantec lists software updates as essential to security. Ransomware and other forms of malware often exploit vulnerabilities in the software you use in order to gain control of your computer. These vulnerabilities are often fixed during updates.

Why mobile banking is safer than you think »

Wisniewski says that the smaller portion of attacks comes in the form of websites that inject malware into your computer when you visit them. He recommends using traditional anti-virus software which often come with web filters that block websites known to harm your computer.

3. Backup regularly

“Having backups of your data is absolutely critical,” says Wisniewski. He points out that backups also help if your laptop is lost or stolen, or your hard drive dies. “If you do backups, it’s a good way out if you get hit with something like ransomware.”

Ritesh Kotak, who works with Police services as an advisor on digital technology, agrees. In fact, he considers backups as the only real option for dealing with ransomware.

Instead of ponying up hundreds to criminals, “keep a physical copy of your data, wipe your system clean, re-install the programs, and re-upload your data,” he suggests.

4. Some tools can remove certain versions of ransomware

“Most of the ransomware can’t be defeated,” says Wisniewski. However, he says that there are a few strains of ransomware where tools are available to decrypt your files. Cyber-security company Talos has a free tool for those infected with certain versions of TeslaCrypt or AlphaCrypt. Bitdefender has a tool that targets a specific brand of ransomware that pretends to be the FBI. Kaspersky has a tool that removes CoinVault, as well as other less popular ransomware.

These tools work because of mistakes that the ransomware designers made at some point, says Wiesnewski, where they accidentally revealed the key that they would use to unlock your files once you make a payment. They don’t remove the ransomware itself, though there are some anti-virus products specialized to do that.

How to protect yourself from CRA phone scams »

Wisniewski says these are often complex tools that only work with specific ransomware, and that it’s “really hard for the victim to know which criminal group has locked up your files. I would recommend people just go to whoever they would consult with locally for computer advice.”

5. Paying the ransom

Wisniewski, as well as police agencies don’t recommend paying the ransom, which only allows criminals to further fund their operations. Kotak says that there is no guarantee that paying will even get you your files back.

The criminals holding your computer hostage will often force you to pay in Bitcoin, a form of secure digital currency. “It’s next to impossible to actually trace digital currency,” says Kotak. “Its servers are all over the world, which makes it difficult for law enforcement to track it down.”

There are physical ATM locations where you can purchase Bitcoin in most major cities, says Wisniewski. Sites such as Coindesk keep an updated Google Map of locations in Canada, if you’re ever in the unfortunate situation where you actually need to pay up.

6. Practicing good online security keeps you safe from other threats, too

“The way you protect yourself is just what we call practicing proper cyber hygiene,” says Kotak. “It could be keeping your sytem up-to-date, have a pop-up blocker, don’t open attachments from email senders you’re not aware of.”

Kotak says these practices are important to computer security in general, besides protecting against malware. Using strong passwords means that your accounts will be less likely to be hacked. It’s important to not use actual words, because many hackers will try to guess combinations of words found in a dictionary. Expert hackers can use powerful computers to guess as many as 350 billion password combinations per second. That’s why password length matters; the longer the password, the more combinations the computer has to try.