How to Spot the Signs of Fake Ransomware

Don't panic! Just because you've received a ransomware alert on your screen or in your inbox, it doesn't mean you're infected. Here's how to spot the fakes.

We’ve talked about the existence of fake malware and infections before. But how do you tell? Certainly, you don’t want to be forking out thousands in BitCoin if you don’t have to. but if the threats are real, you’ve only got so long to act, right?

Here’s how to tell the fake infections from the real ones, so you don’t end up paying (and freaking people out) for no reason.

1. You’re Alerted Via Email

Some infections will hijack your screen and make you read their demands. Others will leave their demands as a message such as a text file on your desktop or with your infected files.

But ransom demands via email are sketchy at best. Anyone can send an email. And while some people will try and claim the fact they have sent an email to your anonymous address as “proof” it is hacked, it’s not all that hard to explain.

Your email was likely part of a database made public from one of many hacks that have taken place over the last decade. So if you get an email claiming that you’ve been hacked, treat it with a very large grain of salt.

2. You’re Alerted Via a Browser Window

There’s a scary message on your browser and you can’t close the window. Because you can’t close it, it feels real. Try using Ctrl-Alt-Delete, click Start Task Manager, and End Task the browser you are using. If this solves the issue, then it was definitely fake.

3. None of Your Files are Affected.

Sounds like a no-brainer. Just go into File Explorer and check out the damage. If the file has been encrypted, its icon will look different and you will not be able to open the file. For example, your Word documents may appear as white icons and you will get an error or message when trying to open them.

4. No Identification

In the ransom demand, the people involved don’t identify themselves indirectly or directly. They may lock down your screen and not let you leave it until you understand the exact demands. The reason? Locking down your screen is the only control they have.

It sounds strange, but criminals making real ransomware demands will often identify themselves by some pseudonym like “Linux.Encoder”. They’ll let you know what they used, and some even provide a support email address.

5. The Scans Show Nothing

Scans can be behind the most cutting edge malware, but if your anti-virus and anti-malware software is showing nothing is wrong, then it’s more proof that the threat may be completely empty.

6. They Say They Know Your Secrets, But They’re Not Specific

“We know you’ve been looking at naughty things.” I’m sure if you have, your heart skips a beat. But that aside, do they really know anything, or are they just making a generalized guess to make you think they know something they don’t?

If their threat lacks detail, then they probably haven’t infected your inbox or systems. But if they know you buried a coworker in the backyard on Sunday the 19th, then not only are you dealing with a real threat, you’re also a horrible workplace colleague.

Also, even if they have access to read your inbox, it doesn’t mean your whole system is compromised – though depending on the contents of your inbox, it could certainly count as a Doxxing threat.

You’ve Identified It: What to Do Next

If the Infection is Real:

If your infection is real, check to see if you’ve got a clean backup on hand. Things like ransomware can infect your backups if you don’t have backup software with a dedicated ransomware defense tool (E.g. BackupAssist’s CryptoSafeGuard).

If you have a backup and it is clean, then you can wipe your systems and start afresh without having to pay a ransom to unlock your files. If your backup schedule was not performed regularly enough, you may still experience some data and productivity loss – basically the time between your last backup and the present.

If you don’t have a backup, then search around to see if anyone has created a decryption tool for the particular ransomware strain you have been hit with. These may not exist, and if this is the case, it is likely a choice between paying the ransom or losing your data.

Apart from the ethical concerns that by paying the ransomware makers (and rewarding their crime spree), paying also involves a risk. Namely, you can pay and still not get your data back. If you are hit again by the same malware, is this something you can afford? Is the ransom more than the hit you’ll take from losing the data?

Once you’ve dealt with the ransomware and cleaned your systems, put in an anti-ransomware strategy to prevent it happening again. Back up your data with a tried-and-true backup solution with measures against these sorts of threats, like BackupAssist.

If the Infection is Fake:

Breathe a sigh of relief. Delete anything associated with the threat, such as emails, browser cache, or trojan files. Then make sure your defenses are ironclad in case a real infection does make it onto your system. Make sure you have a multi-pronged strategy with backup software, anti-malware software, and a good firewall.

Share on email
Share on print
Share on facebook
Share on google
Share on twitter
Share on linkedin

Download

BackupAssist

Start your free 30-day trial today