09 November 2014

Ransomware Strikes Stillsong!!

It is probably not the common lot of hermits to be struck by Eastern European terrorists but this week it happened here at Stillsong. On Tuesday my laptop became infected with a virus known as CryptoWall 2.0, a form of malware known as "ransomware." That means that all of my files (documents, pictures, music, etc.) have been encrypted with a two-part code key. One key was left on my computer but to unlock or decrypt the files takes the second key as well. One is required to PAY the terrorists to get this second key --- though of course there is no guarantee that a key would truly be forthcoming, much less that it would not unlock and unleash some other virus or Trojan horse, etc! (Besides, one DOES have to HAVE the money, which I do not! Neither do I have the inclination to pay, however.) What I see on my computer when I try to open documents is a clear list of the documents in whichever folder I open (100s of them!); they show up fine and the list is pristine and promising. But when I click on a file, Word tells me the file is unreadable. If I persist beyond this error message, Word opens the document window with editing tool icons, lists of recent documents, etc., but the main window in the frame, the window where the document should be, is grey. Nothing shows up there at all. Meanwhile my access to Dropbox, etc. is blocked, so files there are inaccessible on this same computer. (The contents of storage options like Dropbox are accessible from other computers and the files are apparently fine --- though I have read there is danger in the virus taking over such storage options too.)

So here is the deal. . . after speaking to a technician at a company that does virus removal and disinfection and unsuccessfully trying one of the Spyware solutions they use for a computer in safe mode, the files that were infected are a complete loss! The computer itself can be saved, the HD reformatted, the OS and other programs reinstalled, but everything else on that computer is lost. Of course, many of those files are backed up, either on an external HD or in cloud storage. While I may have lost some recent writing (or, more likely, some from a couple of years ago) I am not apt to have lost a whole book, for instance, nor the work from my Rule (done over a period of years) or even many of the articles I have written. I am relatively okay in all of this, relatively unscathed. But really, at this point I don't know how much writing has been lost, nor how much other stuff either. That part of things makes my stomach go a little queasy with the uncertainty.

And, though I am relatively okay in all of this, I am also angry! You see, I am careful in my use of the computer. I do NOT click on unknown links or download suspicious materials. I have clicked on popups representing themselves as Java or Adobe for instance and announcing it is time to upgrade or that an upgrade is available; as far as I can tell, that is how my computer got infected. (That means I will not do that any more; instead I will check with the program's creators directly on their own website and see if it is time for an upgrade.) The anti-virus computer technician I spoke to said that one family had been away on vacation and when they returned their computer was ruined! The point is one does not need to be doing anything dangerous or reckless, or even anything at all for this virus to gain entry and, in a short time, ravage through your system. Similarly I use well-known anti-virus software which I trust but this virus apparently can sneak in under the radar. Even in safe mode an anti-virus program may be prevented from doing its work (as was the case with my own computer today).

How people can do such a thing is beyond me. Greed, of course; it's all about money, but the level of sociopathy required is startling. I heard several stories from the technician about lost libraries of music, years of writing, etc. as he spoke of cyber warfare and this new war which is worse than the "cold war". All of that work still exists. It has not been changed or corrupted but the key to unlock/decrypt and look at it or play it is in some criminal's hands in Russia or Eastern Europe and will stay there until the desired ransom is extorted by those same thieves. Of course the lesson is a simple one: BACKUP everything! Do it regularly. Flash drives, external hard drives, cloud storage, whatever it takes! Corollaries exist too: always check before clicking on a link or popup, even if you have clicked on the same (?) popup before. Use the websites instead if you can. This particular virus is a really nasty one (I have been told a number of times by people fighting it!).

One interesting thing all this occasioned for me was my first ever "report to the FBI"! I did indeed report the infection and how I thought it had been contracted, and though I don't expect a response beyond the acknowledgement that the complaint was received, it was still kind of "cool" as well as not-so-cool to be contacting the FBI with something like this.