New Ransomware Hitting Businesses Hard

Ransomware is no longer attacking only personal computers; it is now hitting entire business networks. Learn how to protect your computers and what to do if you're infected.

The most important thing to know is that if you or anyone you know is ever hit with any type of ransomware, under no circumstances should you pay the ransom.

Today, one of the most common variants poses as a warning from the FBI accusing you of illegally downloading copyrighted material or child pornography and demanding that you pay a fine to avoid prosecution. The malicious program pops up a message saying that you have been blocked from using the computer until you pay the fine through an obscure payment system, in the hope that the accusation will scare you into paying quickly. This FBI/Police version of the scam started hitting computers worldwide last year and has been a challenge for the security world ever since.

Many internet sites have published manual removal instructions for tech-savvy users, and the ransomware authors read those instructions too. As removal steps are posted, the malware authors modify the code to render them useless and the headaches continue. For instance, most of the earlier versions would still let you boot into 'Safe Mode' so you could remove the malicious code, but the current ones block access to Safe Mode altogether.

Anyone who gets hit by this scam needs a full security check done on their computer, because the infection is a clear indication that the computer's security is not up to date. Simply removing the code without plugging the holes that let it in will likely mean it happens again in the near future. Most users are being hit because they haven't kept their operating system, browser plug-ins and antivirus software up to date, which allows them to be infected just by visiting a rigged website (a.k.a. a drive-by download).

A much more serious ransomware is hitting businesses through a common remote access tool built into Windows-based servers, RDP (Remote Desktop Protocol). Attackers are scanning the Internet for servers that expose RDP on its default port (TCP 3389) and then guessing passwords. Once they guess a valid password, they log in as that user and can reach everything that user can, across the corporate network and even on attached backup drives, and run a script that seeks out common business files and encrypts them, locking the owners out. They then display a ransom demand page with a timer stating that you have one week to pay the $3,000 ransom, and that the price goes up by $1,000 for each week you wait. Recovering the encrypted files without the attackers' key is nearly impossible, so the only reliable recovery is from an off-site backup that wasn't reachable from the compromised server. To avoid this attack altogether, businesses can turn off RDP, or at least stop exposing it directly to the Internet, and use an alternate remote access solution such as LogMeIn or GoToMyPC.
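The password guessing described above leaves a recognizable trace in the Windows Security log: a burst of failed logons (event ID 4625) with logon type 10 (RemoteInteractive, i.e. RDP) from one source address, sometimes followed by a successful logon (4624) from the same address. The following is an added example, not code from the original post or from any product it mentions, that runs that detection over a handful of constructed sample events; the event records here are made up for the example, and the field layout and the five-failures-in-five-minutes threshold are assumptions you would adjust to your environment.

```python
"""Flag RDP password guessing in Windows Security log events.

Added example, not part of the original post. The events below are
constructed for illustration, not captured from a real server.
Event IDs 4625 (failed logon) and 4624 (successful logon) and logon
type 10 (RemoteInteractive, i.e. RDP) are standard Windows values.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, event_id, logon_type, account, source_ip)
SAMPLE_EVENTS = [
    ("2013-02-20 02:00:01", 4625, 10, "administrator", "203.0.113.7"),
    ("2013-02-20 02:00:03", 4625, 10, "administrator", "203.0.113.7"),
    ("2013-02-20 02:00:05", 4625, 10, "admin", "203.0.113.7"),
    ("2013-02-20 02:00:07", 4625, 10, "backup", "203.0.113.7"),
    ("2013-02-20 02:00:09", 4625, 10, "administrator", "203.0.113.7"),
    ("2013-02-20 02:00:12", 4624, 10, "backup", "203.0.113.7"),  # guess worked
    ("2013-02-20 08:15:00", 4625, 10, "jsmith", "192.0.2.10"),   # one typo, then OK
    ("2013-02-20 08:15:20", 4624, 10, "jsmith", "192.0.2.10"),
    ("2013-02-20 09:00:00", 4625, 2, "svc", "10.0.0.5"),         # console logon, not RDP
]

RDP_LOGON_TYPE = 10
FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624


def parse(events):
    """Turn the timestamp strings into datetimes and sort chronologically."""
    parsed = [
        (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), eid, ltype, acct, ip)
        for ts, eid, ltype, acct, ip in events
    ]
    return sorted(parsed, key=lambda e: e[0])


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: finding} for every address that produced at least
    `threshold` failed RDP logons inside any `window`, and note whether a
    successful RDP logon from that address followed the burst."""
    by_ip = defaultdict(list)
    for ts, eid, ltype, acct, ip in parse(events):
        if ltype == RDP_LOGON_TYPE:
            by_ip[ip].append((ts, eid, acct))

    findings = {}
    for ip, rows in by_ip.items():
        failures = [(ts, acct) for ts, eid, acct in rows if eid == FAILED_LOGON]

        # Sliding window over the failures: find the first moment at which
        # `threshold` of them fall inside `window`.
        burst_end = None
        start = 0
        for end in range(len(failures)):
            while failures[end][0] - failures[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_end = failures[end][0]
                break
        if burst_end is None:
            continue  # noisy but below threshold (e.g. a user mistyping once)

        # A success from the same address after the burst means a guess worked.
        success_after = {
            acct for ts, eid, acct in rows
            if eid == SUCCESSFUL_LOGON and ts >= burst_end
        }
        findings[ip] = {
            "failed_logons": len(failures),
            "accounts_tried": sorted({acct for _, acct in failures}),
            "compromised_accounts": sorted(success_after),
        }
    return findings


if __name__ == "__main__":
    for ip, finding in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, finding)
```

On a real server the same five fields come out of the Security log (for example via `Get-WinEvent -LogName Security` in PowerShell, where the 4625/4624 event data carries the logon type, account name and source network address); the point of the example is the logic, which is the same whichever collector you use. Any address that shows up with a non-empty `compromised_accounts` list should be treated as an intrusion, not just a scan, because that is exactly the point at which the attacker described above starts looking for files to encrypt.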

If you see any evidence of this FBI/Police virus, turn off your computer immediately and call a computer repair specialist.

This post is contributed by a community member. The views expressed in this blog are those of the author and do not necessarily reflect those of Patch Media Corporation.

Doug Vieau February 27, 2013 at 04:26 AM
Yes, this happened to my laptop. Tried to repair it myself but couldn't get into Safe Mode. The crew at Data Doctors in Wayzata knew what to do and now my laptop runs better than ever. Doug Metrop Photo & Frames Wayzata
