Thursday, February 10, 2011

Scareware and ransomware -- What to look for

Today we are going to talk about another type of malware that, to me, is one of the worst: malware that reports that your computer has been compromised and then demands money to fix the problem. It comes in two main types. The first is ransomware, which is blatant: your data has been captured and you will need to pay to get it back. The second is more commonly called scareware, and it operates in a more subtle, but still fraudulent, manner. The goal of both is to get your money to fix a problem they created in the first place.

Ransomware is nasty and illegal, and it has been around for a very long time; the first documented incident occurred in 1989. Ransomware takes control in one of two ways. The first is to lock the computer display or an essential service so the computer cannot be used properly. The second is to encrypt the user's data files, keeping the user from accessing any of their data. Recent cases of ransomware encrypt the user's files with an unbreakable 1024-bit key and demand $120 from the user in exchange for the key that will decrypt the files. There are reports that even after you pay, you will not receive what you need to get your files back.

Scareware works by infecting the target computer and then posing as legitimate antivirus software that has detected an infection on your computer. The "free version" of the AV software can only detect the infection but cannot remove it. To remove the "infection," the user is given a link to a website and instructed to buy the full version of the security software. If the user does not buy the full version, the infection gets worse and causes the infected computer to behave worse and worse, potentially causing permanent data loss. Unfortunately, even if the user buys the full version, the infection is usually not removed.

There are ways to remove both ransomware and scareware, but there is no reliable way to recover data files that have been affected. The only good defense against this type of attack is to make frequent backups and stay vigilant. If anything pops up on the screen alerting you that your data is about to be lost, the best thing to do is to pull the plug and consult an expert. It is possible to use one of the bootable CD cleaning tools to remove the infection. However, this will only clean the infection; it will not recover data that has been affected.
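Frequent backups are the defense the post recommends, and a hashed manifest taken at backup time also lets you notice when a large share of files has been rewritten before the next backup runs. The script below is an added example and is not from the original post: it builds a manifest of SHA-256 hashes for a directory tree, compares a later snapshot against it, and flags a mass change. The directory layout, the file names, and the `MASS_CHANGE_THRESHOLD` value are assumptions constructed for the demonstration.

```python
"""Detect mass file modification against a hashed backup manifest.

Added example (not from the original post). Assumed workflow: a baseline
manifest is built from a directory tree at backup time; later runs compare the
live tree against it. A large fraction of baseline files changed in one
interval is a signal worth alerting on before the next backup overwrites the
good copy.
"""
from __future__ import annotations

import hashlib
import os
import tempfile
from pathlib import Path

CHUNK = 1 << 16
# Hypothetical threshold: alert when more than this share of baseline files
# has been modified or removed since the manifest was taken.
MASS_CHANGE_THRESHOLD = 0.5


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each regular file (as a POSIX path relative to root) to its hash."""
    manifest: dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_file():
                manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def compare_manifests(baseline: dict[str, str], current: dict[str, str]) -> dict:
    """Report modified, removed and added files plus a mass-change verdict."""
    modified = sorted(k for k in baseline if k in current and baseline[k] != current[k])
    removed = sorted(k for k in baseline if k not in current)
    added = sorted(k for k in current if k not in baseline)
    changed = len(modified) + len(removed)
    ratio = changed / len(baseline) if baseline else 0.0
    return {
        "modified": modified,
        "removed": removed,
        "added": added,
        "change_ratio": ratio,
        "mass_change": ratio > MASS_CHANGE_THRESHOLD,
    }


def demo() -> dict:
    """Constructed fixture: four documents, three overwritten wholesale, one new file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        for name in ("a.txt", "b.txt", "c.txt", "d.txt"):
            (root / "docs" / name).write_text(f"original {name}\n")
        baseline = build_manifest(root)
        # Simulate the state a defender would see after most documents were
        # rewritten with unreadable content: three files replaced, one added.
        for name in ("a.txt", "b.txt", "c.txt"):
            (root / "docs" / name).write_bytes(os.urandom(64))
        (root / "docs" / "new.txt").write_text("unexpected new file\n")
        return compare_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    report = demo()
    print(f"modified={report['modified']} added={report['added']}")
    print(f"change_ratio={report['change_ratio']:.2f} mass_change={report['mass_change']}")
```

In practice the baseline manifest would be written alongside the backup and the comparison scheduled to run well before the next backup, so that a sudden rewrite of most files is caught while the previous backup is still intact rather than silently replaced by encrypted copies.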

Fortunately for all of us, ransomware is so far rare because it is obvious extortion and is illegal everywhere. Scareware is just as illegal, but because of its subtle approach it is unknown how many users pay for the "full version" without ever realizing they have been taken.
