Back, back, back it up

You’ve heard it a million times: Don’t click on links in an email unless you know who sent it and what it is.

But sometimes the link in an email is just so darned convenient. For example, you ship a package to a friend, and then you get an email with a link to track the delivery. It’s safe to click that link, right?

Maybe not.

Scammers are sending emails that look like courtesy messages from legitimate companies — especially shipping companies — to spread a new ransomware called Cryptolocker. So what’s ransomware, and why should you care?

Ransomware is a type of malware that prevents you from using your computer until you pay a certain amount of money. It’s essentially extortion, with all the data on your computer at risk unless you pay.

Cryptolocker works by encrypting all the files on your computer — your photos, your documents, your tax refunds — anything you’ve saved to the hard drive or any shared folders. Once the files are encrypted you won’t be able to open them without the encryption key — which you can get only from the criminals behind Cryptolocker.

After Cryptolocker has encrypted your files, it displays a message like this:

The criminals demand payment through an anonymous payment type like Bitcoin or Green Dot cards, and promise to give you the key if you pay the ransom in time (for example, $300 to be paid within 72 hours).

Unfortunately, once Cryptolocker has encrypted your files, there’s no way to recover them. You could pay the ransom, but there’s no guarantee you’ll get the encryption key.

So what can you do?

Back up your files. Right now. And often.

An external hard drive is a good option, but be sure to disconnect it from the computer when you are not actively backing up files. If your back-up device is connected to your computer when Cryptolocker strikes, the program will try to encrypt those files, too.

What else can you do?

The best way to avoid downloading Cryptolocker — and other kinds of malware — is to practice good computer security habits.

  • Instead of clicking on a link in an email, type the URL of the site you want directly into your browser. Then log in to your account, or navigate to the information you need.
  • Minimize “drive-by” downloads by making sure your browser’s security setting is high enough to detect unauthorized downloads. For example, use at least the "medium" setting in Internet Explorer.
  • Don’t open “double extension” files. Sometimes hackers try to make files look harmless by using .pdf or .jpeg in the file name. It might look like this: not_malware.pdf.exe. This file is NOT a PDF file. It’s an EXE file, and the double extension means it’s probably a virus.

For more tips about how to avoid, detect, and get rid of malware, watch our video:

 

Blog Topics: 
Privacy & Identity

Comments

Thanks much for your information. I've been pretty lucky so far. Hope it holds through this next half century.... That ought do it for me!

I only hope that I didn't make ANY Boo Boo's. It sure looks solid -- Ralph

thanks for the information it is invaluable

Thank you for this great advise, all others before it, and all others to come. Keep up the good work!:)

Sound advice.

The recommendation in the video to use a computer at a library to change your passwords is very wrong. Library computers--available for anyone to use, for anyone to visit sites or run downloads that will install malware, or for anyone to purposely install malware--are not secure.

I have been hit by the "FBI" virus twice - I've had to call my tech support to take over my computer and clean it. It's VERY annoying to say the least. I don't think it matters what link you click on - it just appears out of nowhere.

Do I understand this to say that as long as you TYPE in the suspicious URL in your browsers address space, instead of clicking on it, you will be safe?

BASICALLY...If someone sends us an Email OR(We receive a PHONE message) WE NEED TO MAKE SURE WE HAVE THE "CORRECT" URL OR PHONE # JUST IN CASE IT IS A DO NOT TRUST URL's OR PHONE #'s PROVIDED TO US IN MESSAGES! "THEIR" CONTACT INFO TAKES US TO THEM "THE SCAM-ER" NOT THE LEGIT COMPANY! DO OUR OWN RESEARCH. ...Hopes This Helps.

Hi, we're suggesting that instead of clicking on a link in an email that is supposed to take you to your bank account, for example, it's better to type your bank's URL into your browser (so you know that it's the correct URL), and log in to your account from the homepage.

Irony is....the fact you sent an email with links in it.

info.apac@surveysampling.com and IRS type fraudsters are on big time. their newest nos. are 202 241 0262/ and their test nos (they place random calls with fake nos.) are 815 687 8563 and 318 469 4450. They can spoof the system to call your no. from your own no, of any no. they want. how do they do this.....??? they are Indians of Punjabi origin as if you curse them in punjabi they respond in punjabi. shame on them.....they are ruining the good punjabis reputation. someone go arrest them

If I make the minimum monthly payments on my account, can the company take funds from my bank account in excess of the amount the check is written for?

Leave a Comment

Comment Policy

Read Our Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.