Ransomware. Such a funny coined word for such fun times we live in. A type of malware, ransomware holds either a computer or its data hostage and asks the user for a ransom in order to “release” the hostage. This type of malware (malicious software) has existed for some time, but its newest variant is proving to be a bit of a challenge when it comes to recovering the lost information, and it has been detected circulating in the wild since late November.
Its name is Trojan-Ransom.Win32.GpCode.ax.
How can you recognize it? Users who become victims of this new variant will often see a pop-up window on their screen, or have their desktop background replaced by this message: “ATTENTION!!!!!! YOUR PERSONAL FILES WERE ENCRYPTED WITH A STRONG ALGORYTHM RSA-1024 AND YOU CAN’T GET AN ACCESS TO THEM WITHOUT MAKING OF WHAT WE NEED!” The ransom message ends with, “REMEMBER: DON’T TRY TO TELL SOMEONE ABOUT THIS MESSAGE IF YOU WANT TO GET YOUR FILES BACK! JUST DO ALL WE TOLD.”
What does it do? It encrypts the files on your computer’s hard disk drive, making it impossible to access or recover them. Past ransomware has sometimes bluffed about the strength of its encryption. Not this one. So, as of this writing, there is no known way to decrypt the data and recover it.
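Because the encrypted files are unrecoverable, the practical question for a victim or responder is which files were hit and which survived. Readable documents (text, CSV, logs, XML) have low byte entropy, while ciphertext is close to 8 bits per byte, so a simple entropy scan can triage a disk without relying on the ransom note. The script below is an added example written for this post, not code from the original article or from any vendor; the directory layout, file names and the `gpcode_demo_` sample tree are constructed here for demonstration, and the 7.5-bit threshold and text-suffix list are assumptions you would tune for your own environment.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# File types that are normally readable text and therefore low-entropy.
# Compressed or natively encrypted formats (.zip, .jpg, .docx, .7z) are
# high-entropy by design and would be false positives, so they are skipped.
TEXT_SUFFIXES = {".txt", ".csv", ".log", ".html", ".xml", ".json", ".md", ".ini"}
ENTROPY_THRESHOLD = 7.5  # bits per byte (assumed); encrypted data approaches 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of the buffer (0.0 for an empty buffer)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def find_suspect_files(root: Path, max_bytes: int = 1 << 20) -> list[Path]:
    """Return text-type files under root whose leading bytes look like ciphertext.

    Only the first max_bytes of each file are read, so the scan stays fast on
    large trees. Very small files are ignored because entropy estimates on a
    few dozen bytes are unreliable.
    """
    suspects = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TEXT_SUFFIXES:
            continue
        with path.open("rb") as fh:
            sample = fh.read(max_bytes)
        if len(sample) >= 64 and shannon_entropy(sample) > ENTROPY_THRESHOLD:
            suspects.append(path)
    return suspects


def build_demo_tree() -> Path:
    """Constructed sample directory: one intact text file, one file whose
    contents were replaced by random bytes (standing in for ciphertext), and
    one JPEG-named file that is high-entropy but expected to be."""
    root = Path(tempfile.mkdtemp(prefix="gpcode_demo_"))
    (root / "notes.txt").write_text("Quarterly report draft.\n" * 50)
    (root / "report.csv").write_bytes(os.urandom(4096))  # simulated encrypted file
    (root / "photo.jpg").write_bytes(os.urandom(4096))   # skipped: not a text type
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    for p in find_suspect_files(demo):
        print(f"possibly encrypted: {p}")
```

Run against a real volume by passing its mount point to `find_suspect_files`; the list it returns is the set of documents to restore from backup, and the files it does not flag are the ones worth copying off before the machine is touched again. Expect some false positives from text-named files that actually hold compressed or binary data, so treat the output as a triage list rather than a verdict.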
What can you do about it? There are three actions to take. The first is the usual preventive one: have a good security setup so you don’t get infected in the first place, and keep a frequently updated data backup so you are ready for the worst. The second action falls under damage control. If you see any message on your desktop like the one above, turn off your computer as fast as you can. And I don’t mean go through the usual shutdown procedure; I mean press and hold the power button until the computer turns off (it usually takes about 5 seconds of holding the power button to force a sudden shutdown) or just yank the power cable (if your computer is a laptop, yanking the power cable is obviously not an option 🙂). The reason for this second action is that, if you act fast enough, you might be able to abort the encryption process that is destroying your information. Don’t turn the computer back on. The third action is a corrective one: contact an expert so the necessary steps can be taken to remove the threat before it can resume its destructive work.