What is an extortion virus? How do you defend against it? What can you do if you have become a victim despite all the precautions? We can help! Ransomware is an old but now trendy type of malware that encrypts a computer's data after infecting it. This blackmail virus does not spare hospitals or offices, and it endangers human lives.
It earned the name blackmail virus because it offers to decrypt the data for a ransom. That is, victims have to pay if they want to see their data again. Like other “normal” viruses, ransomware spreads primarily through e-mail and infected websites, but there are also cases of it arriving through chat messages, and of extortion viruses that exploit vulnerabilities in software.
In another article, we are helping to minimize the number of ransomware victims.
The Best Defence Is Prevention
Because a blackmail virus is ultimately a virus, you can protect yourself against it primarily by keeping your operating system up to date, using anti-virus software, and taking care before clicking on links in your e-mail.
Windows File History can provide essential protection against the encryption of offline files, and OneDrive offers basic protection against extortion viruses for files stored online.
Extortion viruses mainly plague companies and public institutions: most of the major attacks were initially linked to, for example, health care facilities or some other public body. It is no coincidence that the outdated machinery and outdated software common in such places give scammers an opening. These viruses sweep through everyone, not sparing automakers and shipping companies, and cause hundreds of millions of dollars in damage worldwide.
The biggest problem is that the extortion virus almost certainly infects a critical system, forcing it to shut down for days or weeks, possibly endangering human lives.
Of course, this does not mean that end users have no reason to be afraid: there is no need to spell out how unpleasant it is when all the family photos or an almost finished doctoral dissertation are lost.
Extortion viruses initially only changed the file names, so it was relatively easy to restore the files to their original state after an infection; at least the data was not corrupted. Over time, as the computing capacity of the machines allowed, simple renaming was replaced by full encryption. The most famous extortion virus, however, is undoubtedly WannaCry, which first struck in 2017.
It is also important to know that extortion viruses can now infect smartphones as well as computers: the number of Android pests is on the rise.
The “sextortion” message is similar to blackmail viruses but fortunately completely harmless. The letter claims that the machine's owner was recorded with the computer's camera while visiting porn sites on the Internet. The trick here is that the scammers ask for money so that the recording is not made public. However, no recording has been made, so feel free to ignore these messages!
I Caught The Virus; What Should I Do?
If someone has “caught” an extortion virus and their files have been encrypted, three types of reaction are possible.
- The first is to give in to the extortion: we typically pay between 50 and 300 thousand forints (HUF), and then hope that no scam is involved. Experts strongly oppose this, partly because there is no guarantee that the code needed for decryption will ever arrive (i.e., we may pay in vain), and partly because it finances and encourages fraudsters.
- The second option is to find the source of the virus and then reinstall your computer’s operating system and programs. In this case, backups will also be needed; in their absence, we will face more or less data loss. So we cannot stress this enough: you need to make a PC-independent backup!
- You can also try searching the Internet for a clean-up and recovery program for the particular extortion virus. Unfortunately, success is not guaranteed, because there are plenty of extortion viruses and many of them are constantly changing. A good starting point is the NoMoreRansom website, which is linked to Kaspersky and McAfee, among others; decryption programs for hundreds of virus families are available through the site. If we fail here, all is not lost, because there are plenty of other independent developers making decryption software.