Andy: Good Morning Charlie Brown. Today I have a bunch of questions about Ransomware or a Cryptowall virus. First question: What is Ransomware or Cryptowall?
Charlie: Hi Andy. This is a very timely topic. We have seen several instances and they are not nice. What is it? This is a virus that comes onto your computer and encrypts files of certain types that include most if not all of your data files. Most operating system files are left alone so they can tell you where to pay the ransom. But your data files are encrypted and unreadable. A screen is displayed that demands a ransom for the key to decrypt the files and make them usable again.
Andy: How did I get this on my computer?
Charlie: Good idea! The Chromebook is a laptop notebook unit. The Chromebase unit is an all-in-one desktop system with a 23.5” display. These units are designed to do virtually everything on the Internet. While they do have a solid state drive for storing files, it is generally small. Your main file storage location is your Google drive on the Internet. You log onto the machine with your gmail address and password. This gives you access to your email, your google drive and other Internet content. They do have an Office suite that you can use to create documents, spreadsheets and slide shows. However the emphasis is on running Internet based apps. You cannot download and run programs, just go to the Internet and run apps.
Andy: Isn’t that a bit limiting?
Charlie: There are several ways you can be infected. You can be passively infected by browsing some web sites. Sometimes ads that download when you are at web pages can infect your system. You might receive and open an email that is infected. And if you are opening ports on your firewall or windows firewall for Remote Desktop use the virus can come through there without you knowing.
Andy: You mentioned that my data files are affected but not my operating system files. Can you be more specific?
Charlie: Data files that are on drives assigned a drive letter can be affected. That includes external drives and shared drives and directories on network connected systems. It also includes files that are stored on cloud drives since the local copy of the file is encrypted and then synchronized to the cloud encrypting that area too.
Andy: What are my options?
Charlie: Pay the ransom in BitCoin. If you don’t have a BitCoin account this can be difficult.
If you don’t pay the ransom its virtually impossible to decrypt the files yourself. Your best option is to first clean the encrypted files from your system and then restore them from a backup copy from a service that keeps several versions.
Andy: What can I do to protect my system from Cryptowall or Ransomware?
Charlie: First, have a good anti-virus/anti-malware system with current definitions running real time on your system. Second, have a good backup system with versioning running on your system. We like Carbonite and have used it to restore systems that were encrypted by Ransomware. It works very well and they help you with the restore process.
Andy: This sounds like a serious problem that needs serious attention from experienced technical specialists. I’ve heard them say it many times: Before your computer’s down call Charlie Brown. That’s Charlie Brown at PC Applications, 533-6510, or visit their web site pcapp.com.