Monday 25 January 2016

Ransomware

            

On Sunday morning my nightmare was realized. A virus had encrypted almost every one of my saved files and every folder was accompanied with a file, using the Google symbol, with the name “Help Recovery” on it. When I restarted my computer a note appeared on my screen that was literally a ransom note that read:
“What happened to your files? All of your files were protected by a strong encryption with RSA. More information about the encryption RSA can be found here: https://en.wikipedia.org/wiki/RSA_(cryptosystem). This means that the structure and data within your files have been irrevocably changed. You will not be able to work with them, read them or see them. It is the same as losing them forever but with our help you can restore them. How did this happen? Especially for you was generated the secret keypair RSA – public and private. All your files were encrypted with the public key, which has been transferred to your computer via the internet. Decrypting of YOUR FILES is only possible with the help of the private key and decrypt program, which is on our Secret Server!!! Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed. If you really need your data then we suggest you do not waste valuable time searching for other solutions because they do not exist.”
This was followed with several choices of links for me to follow, which I didn’t. Instead I looked it up and found that this is called “ransomware” and it all started in Russia, of course. I guess since they wanted me to be able to access the internet in order to pay them, they selectively left unencrypted any files I needed for that purpose.
I went to talk to Tony at Mobil Computers but he said that tax season has begun and he doesn’t have time to fix computers when he’s doing people’s taxes. I called up the place where I bought my computer but they were closed on Sundays.
I then did what I should have done as soon as I bought my computer. I downloaded Malwarebytes. It’s free but they give you the Premium version for two weeks. I ran a scan and the program found forty pieces of malware, including several Trojans, which it removed.
I was fortunate that I’d recently gotten another system and that most of my files were still on the old hard drive. It was also lucky that this had happened before Nick Cushing came back for his hard drive dock and so he had inadvertently saved me all over again. I deleted every single visibly encrypted file and replaced them with the files from my old hard drive. I made sure every now and then that the ransomware didn’t have some ability to infect the files again from within, but I found they were all functional. Once I’d deleted the ransom files from my start up menu, I stopped receiving the ransom note. The only thing that came up after every restart was a warning that a certain file in the registry failed to load. I assume that is one of the files they put into the registry.
What I really should have done was to reinstall Windows but my system was functioning and was only slowed down by the work of Malwarebytes Premium fending off a veritable storm of viruses trying to get in. I may have to get an illegal version of Premium to keep the wolves at bay.
Nick Cushing came by with Bruce March later that afternoon to pick up his hard drive dock. By that time I had replaced all of the infected files. I have a little bit of money left over from my Grant, so if I need to soon I can just buy a dock of my own.
I spent a good part of the rest of Sunday downloading a lot of the files I’d lost. It’s also very fortunate that I post a blog on a daily basis, because I was able to simply copy my journal back from my blog and reformat it into the Word document in which I keep it.
All I really lost from this hassle was time that I should have been spending reading the material for my two courses.
What gets me is thinking about the kind of people that would be in such a criminal business that would kidnap people’s computer files and hold them for ransom. Why would someone be all right with fucking other people up like that? Do they only live in Russia or are there people here that would be that mean? Either way they are total assholes.
