Bad People Will Do Bad Things to Your PC...and Your Mac
There are a lot of bad things ready to attack your computer. For years we called them all viruses, but that wasn't totally accurate. Today they are known as malware, which includes viruses, worms, trojan horses, spyware, and ransomware. It's said ransomware is the worst and now I understand why.
I'm usually cautious when I use the computer. The other day I needed a small program that was offered as “Freeware”, a program that had limited application but was available with full features at a price. When I was ready to download, I noticed that I would need to use OpenCandy as the installer for the program. I consider OpenCandy to be spyware and declined to download the program.
But I was preoccupied when I, in an unguarded moment, scanning through my emails, clicked on a message that sounded vaguely innocent, something about incorrectly paying an invoice. The message was blank except for a link. Stupidly I clicked the link.
You may have seen these emails recently on your computer. I have two in today's email. One from Christian Hull who uses Bill 4F0016 as his subject. Drew Key lists Payment Confirmation as his subject. They both have attachments. Both names are unknown to me.
A day after I mistakenly shrugged off the mumbo-jumbo attachment, my computer began running at turtle speed. I checked to see what was hogging all of my computer's resources. A program named CgYrXlur.exe was running and using over 50% of my computer's capacity. I Googled the file name but nothing relevant came back. Suspicious, I closed everything that was running and opened Malwarebytes, a free program everyone should have. I ran a scan and I had a big problem. A program called LOCKY had begun encrypting my files. Malwarebytes stopped and deleted it and I ran Regedit to clean another few LOCKY lines of code from my registry.
Even catching Locky early was too late. Thousands of my documents had been encrypted with military style RSA-2048 and AES-128 ciphers and were unusable.
I got rid of LOCKY before it could display its ransom note but it has been posted on a number of “help sites.” The instructions were to forward bitcoins to them and they would send me a “key” to decrypt my files. Just over $200. But these people weren't Sunday School teachers. What incentive did they have to restore my data once they had my money? I elected to restore what I could.
Windows System Restore did nothing.
Since the data was encrypted, not deleted, the websites I visited recommended a program that restored deleted or damaged files. I bought Data Recovery Pro for roughly fifty dollars. It restored a bunch of Windows graphics (buttons, punctuation marks, arrows) but didn't tell me where they had originally been on my hard drive so they're useless. Data? A few pictures, zero documents. I emailed their support team but never heard back.
Recuva is a free program and it produced slightly better results, especially with .jpgs, finding maybe 500 files out of thousands.
What saved me?
First and foremost was Dropbox, a cloud storage program. I was able to restore my Grub Street Printing files, albeit just a few at a time, which is time-consuming if you're restoring thousands of files. But it absolutely worked.
Also, I have five computers scattered around the house. Whenever I work at a different computer, I just copy what I need from another computer via my home network, use it and save it. I never considered it “backing up” files, but that's what I was doing.
Over 10,000 encrypted files were deleted. For some reason music and video were untouched, but pictures and text files were about 75% affected.
On March 31, Bitdefender Labs announced a free program to protect your computer from the newest ransomware. You can download their protective “vaccine” here. Click on the red Bitdefender website.
Oh, you think it can't happen on your Mac? Think again. Ransomware for the Mac that begins with an iCloud hack has just been found. Don't use iCloud? Don't relax.