Ransomware: how to protect your computer, remove malware and decrypt files

Rights, Scams and Politics

Updated on 13 December 2016

Popcorn Time – a new type of ransomware – is spreading fast. Here’s what you need to know, what to do if you’ve been hit and how to protect your files.

Sections

Popcorn Time

Security experts are warning about a new ransomware virus called ‘Popcorn Time’ that is using a fiendish pyramid-scheme style system to spread.

Ransomware is a type of computer virus that scammers use to lock you out of your computer and threatens to delete all your files unless you pay a ‘ransom’.

Popcorn Time screengrab (Image: MalwareHunterTeam)

The scammers give victims two options to obtain a decryption key to free files.

The ‘fast and easy’ way is the traditional ransomware route, with the promise of files being released after a payment via digital currency Bitcoin is made to the scammers.

The cost is one Bitcoin which is about £614.10.

The ‘nasty way’ gives victims the option of getting their files back by sending the ransomware link to two other people. If they pay, the scammers promise to release your files.

Popcorn Time screengrab (Image: MalwareHunterTeam)

Popcorn Time also has another twist. It is designed to delete files if the decryption key is entered wrong four times.

The scam is believed to be capitalising on the popularity of an app which is also called Popcorn Time, and is known as the ‘Netflix for pirated movies’.

Images: MalwareHunterTeam.

Growing problem

Ransomware is a growing problem and costs victims billions of pounds each year.

Research from Trend Micro found 44% of businesses in the UK have been infected by ransomware in the last 24 months, with 27% being hit more than once.

But it’s not just businesses at risk: individuals are increasingly being targeted by scammers.

Last year a form of ransomware called TeslaCrypt was discovered, which targeted online gamers, threatening that their game progress would be eliminated unless they forked out hundreds of pounds in Bitcoin.

It followed CryptoLocker, which targeted computers running Microsoft Windows. It is believed that this particular strain of ransomware extorted around $3 million (£2.36 million) from victims.

Check your credit report for suspicious activity

How does ransomware work?

Most malware ends up on your machine when you click a link or open an attachment from a dodgy email or fake software update. And ransomware is no different.

Once the ransomware is on your machine, it begins encrypting your files, so that you are unable to open them. You are in effect locked out of your own computer.

You will then be told that, in order to unlock your machine, you will need to pay a fee. This will likely have to be paid in Bitcoin, as it is much harder for the authorities to trace, and will amount to hundreds of pounds.

The ransomware may put you under pressure to act quickly, either threatening to delete files every 30 minutes unless the fee is paid, or to double the fee if it isn’t paid by a certain point.

In theory, once the fee is paid decryption will begin and your files will be released. In reality, that means taking the word of hackers, so you may simply be milked for even more cash.

What to do if you’ve been hit with ransomware

Paying up leaves you vulnerable to further cybercrime – you’ll go on a so-called 'suckers list' and be targeted by yet more scams in the future.

But what other options do you have?

One option is to use backed-up versions of your files, if you have them. You can back up all of your files regularly to either an external hard drive or an online cloud service.

Alternatively, there are some firms offering ransomware removal software. Exactly what type of programme you need will vary, depending on the sort of ransomware that has made it onto your computer. This guide from PC World magazine gives a useful run through of your various options.

And don’t forget to report it to the police and to anti-fraud organisations such as Action Fraud.

Earn 5% interest from your current account

Protecting yourself from ransomware

As well as regularly backing up your files, there are other things you can do to keep the scammers at bay.

Firstly, be on your guard. Don’t click on links in suspicious emails or download attachments that you weren’t expecting.

Look out for signs that the email is part of a phishing scam, such as poor English or asking for inappropriate information. You are the first line of defence. If you are in any doubt about an email’s legitimacy, contact the sender yourself to check. That doesn’t mean clicking ‘reply’ either! Call them if possible.

Next get some decent antivirus software, and keep it up to date. This will act as a useful safety net should you click on a dodgy link by mistake. Similarly, get a popup blocker, which will keep some of the dodgy links at bay too.

Check your credit report for suspicious activity

Comments

Be the first to comment

Do you want to comment on this article? You need to be signed in for this feature

Copyright © lovemoney.com All rights reserved.

 

loveMONEY.com Financial Services Limited is authorised and regulated by the Financial Conduct Authority (FCA) with Firm Reference Number (FRN): 479153.

loveMONEY.com is a company registered in England & Wales (Company Number: 7406028) with its registered address at First Floor Ridgeland House, 15 Carfax, Horsham, West Sussex, RH12 1DY, United Kingdom. loveMONEY.com Limited operates under the trading name of loveMONEY.com Financial Services Limited. We operate as a credit broker for consumer credit and do not lend directly. Our company maintains relationships with various affiliates and lenders, which we may promote within our editorial content in emails and on featured partner pages through affiliate links. Please note, that we may receive commission payments from some of the product and service providers featured on our website. In line with Consumer Duty regulations, we assess our partners to ensure they offer fair value, are transparent, and cater to the needs of all customers, including vulnerable groups. We continuously review our practices to ensure compliance with these standards. While we make every effort to ensure the accuracy and currency of our editorial content, users should independently verify information with their chosen product or service provider. This can be done by reviewing the product landing page information and the terms and conditions associated with the product. If you are uncertain whether a product is suitable, we strongly recommend seeking advice from a regulated independent financial advisor before applying for the products.