HUFFINGTON POST

New Tool Fights Powerful Malware That Holds Your Data Hostage

04/15/2015 08:59 am ET | Updated Apr 15, 2015
clarence s lewis

Encryption is a great way to keep your files safe -- but what if it's used against you?

That's exactly what ransomware, an increasingly prevalent type of malware, does. While you might normally encrypt your data to keep bad actors out, ransomware encrypts it without your approval, which prevents you from accessing it -- and the ransomware is a doozy to get rid of. But a new tool released Monday can help.

Kaspersky Lab, a software security firm headquartered in Russia, released a "Ransomware Decryptor" to help people fight back against so-called "CoinVault" ransomware, which takes control of data on computers and demands payment to restore access.

While CoinVault's reach is limited -- it has affected only 1,000 or so Windows-based computers around the world, according to Kaspersky -- its presence nonetheless highlights a growing problem that consumers face on both their personal computers and mobile devices.

To understand how ransomware works, imagine going to the gym every day after work and placing your laptop and clothes in the same locker, with the same combination lock, each time. But one day, you finish exercising and can't get the thing open. A stranger approaches you from behind and says he put a different lock on it, but he'll only open it up and let you have your belongings back if you pay him $500.

That's more or less what's happening with your computer: Ransomware infiltrates your system, perhaps through a bad link sent in a shady email, and then it puts a lock on your files.

Kaspersky developed the Ransomware Decryptor tool after they were contacted by the National High Tech Crime Unit of the Netherlands' police and the Netherlands' National Prosecutors Office, a company spokesperson told The Huffington Post. Dutch police were able to obtain a database from a CoinVault server, allowing Kaspersky to create the software. It provides infected users with decryption keys that release their data from the ransomware's clutches.

Certain programs like Malwarebytes have been able to detect ransomware in the past, but decrypting the affected files has always been a complicated process. Kaspersky's product is different in that it offers a specific way to decrypt the files that CoinVault holds hostage.

If you're infected, Kaspersky can check to see if it has the proper "keys" to unlock your files via its decryption website. Then, you can download a free version of its Internet security software and follow these instructions to remove the ransomware.

The ransomware problem goes far beyond CoinVault. In the past few years, several U.S. police departments have actually paid ransoms to hackers after their computer systems were compromised by similar programs. Earlier this month, the police departments of Damariscotta, Maine, and Tewksbury, Massachusetts, both had to pay ransoms in bitcoin -- a basically untraceable online currency -- to hackers who encrypted their files with ransomware.

In February, the Chicago Tribune reported that cops in Midlothian, Illinois, had to do the same thing. In 2013, a very similar incident occurred in Swansea, Massachusetts.

So, what's to be done?

"A proactive approach against this type of malware will make the difference between a ransomware nightmare and a simple file recovery procedure," Santiago Pontiroli, a security researcher at Kaspersky, told HuffPost Tuesday.

In layman's terms, this means you basically want to make sure you always back up your files. That's the tech equivalent of flossing, but it beats paying a criminal techie a ransom in cryptocurrency. If you keep backups, it hardly matters if ransomware locks out the original versions of the files.

And -- this is hardly new advice -- never click links from sources you don't trust or open suspicious attachments. Kaspersky warns that this year, ransomware may be attached to emails purporting to be from the Internal Revenue Service to lure people during tax season, so double- and triple-check absolutely any message you get that seems fishy.

You definitely have reason to take heed: A study by Lookout, a mobile software security company, found that ransomware threats "grew by leaps and bounds" in the U.S. last year, and it seems they're here to stay. Just ask the Midlothian police department.
