What Ransomware is and How to Deal with It


A number of people I know have had their PCs infected with the form of malware that is being called "ransomware". Here is what ransomware is and what you should do if you get infected by it.

Ransomware is a more vicious form of the widespread category of malware known as "scareware". In this variant of scareware, crooks take over your PC and threaten to destroy your files if you don't pay up. The malware then starts erasing your files if you don't send a hefty payment to an account that they provide. Another variant claims that you have child pornography on your PC and threatens to report you unless you pay. These extortion scams are why the name "ransomware" is used.

Scareware and ransomware are particular problems because they use trickery and social engineering to get around anti-virus programs. They use false messages to fool people into clicking links on pop-ups. These pop-ups are triggered by rogue JavaScript present on the web pages that are visited. Well-known legitimate sites have had these scripts planted on them in advertising. The pop-ups look like a warning from your own anti-virus program and trick you into clicking on a link that gives the malware permission to install. Once installed, the malware is a real problem to get rid of because it disables your anti-virus defenses. An example of a phony warning is shown below. Click on this and you really are infected.

Example of phony warning from scareware

Note that browser extensions like NoScript and AdBlock Plus can help prevent these pop-ups. 

If you do get infected, one way to deal with the problem is to use an external disk with security software to remove it. This gets around the problem of the malware disabling the local security software and blocking efforts to clean it. Detailed descriptions of this and other procedures for cleaning an infected computer are given in this article.

Another way is to use the free Sysinternals tool called AutoRuns. Mark Russinovich, co-founder of Sysinternals and now a senior scientist at Microsoft, has a post at this link about ransomware and describes how to use AutoRuns to find and eradicate an infection.

Personally, my preference for dealing with this sort of infection is to reformat the disk and then restore the backup image that you should be making at least weekly. Sadly, the great majority of average PC users that I encounter don't back up regularly and they have to go through one of the tedious procedures mentioned above. In the meantime, ransomware may continue to wipe out files before you can get a fix on it. One more reason why regular backups are so important.



This tips section is maintained by Vic Laurie. Vic runs several websites with Windows how-to's, guides, and tutorials, including a site for learning about Windows and the Internet and another with Windows 7 tips.
