Cryptolocker - a cautionary tale by jantan

Dear 365 friends

I was thinking about putting something on here about a little problem encountered by a good friend of mine who hadn't backed up her computer for a couple, OK 3 or possibly four, months and when her antivirus software licence expired about a week ago put off renewing it for 'just a few days.'

Silly girl we all say. How often have we read about these things, and how often have we told ourselves that we wouldn't let ourselves get into that situation?

And then I thought to myself. 'Come on Jan, you have been an idiot, it's embarrassing, and one way or another you will have paid the price. You need to 'fess up and admit that that 'good friend' is in fact yourself.' So that's what I am doing.

I discovered on Saturday that my laptop has been infected with a form of 'Ransomware' which has encrypted all of my personal files (photos, documents etc) and they will all be destroyed if I don't make a bitcoin payment (a right palaver in itself) of £200 to some shady individuals by Wednesday lunchtime.

After much research by myself and other much more computer savvy people, I have still not completely decided what to do, tho I suspect I will probably pay. The general consensus online is DON'T PAY, but that is easy to say when you haven't lost some of your best photos ever, including one that has been shortlisted in a competition.

I want to implore you all not to be an idiot like me and to back up anything you care about and make sure that your antivirus software is all up to date.

On the brighter side, I really do need to clear some space on my hard drive, so if I do decide not to pay up that will save me that job, won't it?

(I have also posted this as a thread in the hope of my message reaching a wider audience)

Really is a sobering message!
What about your precious photos? Sure hope they are backed up somewhere!
Speaking of which ... I really should back up my hard drive as well.
December 9th, 2013  
Wow heard about this wonder what @steampowered has to say about it. Think he knows about IT.
December 9th, 2013  
Oh how awful Jan, I was asking my Dave about this scam a couple of weeks ago, fearing for my computer-safety, but typical me, I can't remember what he told me. I think I remember him saying though that even if you pay, you won't get your files back - once this has happened they're gone. I hope that's not the case, but I'll ask him again later - he's an IT geek works in IT - in the fraud prevention side of things. Don't pay just yet, wait and see what others can tell you or you could end up losing your money as well as your files.
December 9th, 2013  
I have heard about this ... so sorry. These people are the scum of the earth! I hope you get something sorted.
December 9th, 2013  
I'm sorry this has happened to you Jan. I've never heard of this. I would be inclined not to pay - they're crooks and I would imagine not interested in returning your files.
December 9th, 2013  
Thanks Helen, from what I have read if I pay the files will almost certainly be restored. There is so much stuff on the web about this malware that if people start posting that they paid and didn't get their files back, then nobody would ever pay again. The scumbags have to maintain their 'reputation for good customer service' don't they? ;0)

At the moment I am changing my mind every few minutes about what to do. I hate to perpetuate this kind of thing, but then again, I want my pics back. Maybe my project next year could involve an element of trying to re-create them!

To say that I am furious with myself would be an understatement.....
December 9th, 2013  
@elsbels oops sorry ^ ^ ^
December 9th, 2013  
Grrrr - the rogues! Well I'm sure you'll decide whatever's best for you in your circumstances. I spoke to my son/technical advisor about it and I could feel him rolling his eyes on the other end of the phone! lol. So on the positive side you've reminded disorganised others like me to back up their files! Good luck.
December 9th, 2013  
Oh dear. The moral to this tale is twofold (a) keep your anti-virus, firewall and malware software up to date (there are some very good free offerings out there, Zonealarm do a free antivirus and firewall combination http://www.zonealarm.com/security/es/zonealarm-free-antivirus-firewall.htm ) and (b) Don't visit dodgy websites! There is a little nice-to-have addon called "Web of Trust". You can download the WOT add-on for Firefox, Chrome, Internet Explorer, Opera, and Safari browsers. Although it isn't totally foolproof, it catches up with a lot of decidedly disreputable sites when you try to visit them and blocks your access unless you specifically ask to go there (if the warning isn't enough to put you off!) https://www.mywot.com/en/download
December 9th, 2013  
So sorry Jan --sorry I can not be of help -- but I hope things will be sorted for you
December 9th, 2013  
I think you will get good advice on this website Jan........is it a con that they can actually do that....what a worry! I see @steampowered is giving you good advice ....such great help on this site! Good luck.
December 9th, 2013  
I'm so sorry to hear that about what these scumbags have done and I hope you get it sorted. I know I would be gutted so I save all my pics on a portable hard drive and also keep my AVG virus protection up to date. I had money stolen from my bank account (a considerable amount) through someone scamming me so know how it feels but now have Trusteer software installed to prevent that happening again. It is always a worry on the internet!
December 9th, 2013  
This is terrible Jan, can't believe this has happened to you. I wouldn't know what to do in your situation. Wonder how you got infected? And why it was your photos targeted.
December 9th, 2013  
Such a nightmare. I had to pay to have several viruses removed when I had a PC despite antivirus being up to date - it was always stuff that I had inadvertently downloaded in one scam or another - even though I'm not a total idiot I am apparently at least partially one. Hope this lot never target Macs.
December 9th, 2013  
A real pain!! I do hope you've reported it to the relevant powers that be.
December 9th, 2013  
I have a Mac...but have been debating for some time about storing my photos "in the clouds" so to speak. Will have to research storage more diligently.
So sorry you are going thru this. Hope it all works out at the end.
December 9th, 2013  
Oh what an awful thing to happen. I hope you get sorted without paying.
December 9th, 2013  
Here's another pretty technical article about Cryptolocker; if you don't have anti-viral software currently, there are some recommendations at the end of the article for good anti-viral products, including free ones, for both PCs and smartphones. (The author considers one of the free ones to be as good as or better than Kaspersky !) http://www.techworld.com.au/article/532715/how_fight_back_against_cryptolocker/
December 9th, 2013  
Thank you for drawing this to our attention Jan.
December 9th, 2013  
A seriously worrying situation. I occasionally manage to unintentionally delete stuff, wouldn't want anything like this happening.
December 9th, 2013  
Oh dear, really hope this gets sorted soon Jan.
December 10th, 2013  
You poor thing, I had heard about this happening but assumed it was normally to companies with more money, in fact there was a feature on Radio 4 the other morning. There are a number of applicable expletives that I shouldn't type here! I use a Mac so there is less risk but Colin uses McAfee on the PC and that seems very effective when you are thinking about future virus protection software and reasonably priced (Norton was a real pain as it slowed everything down when scanning!). If you use Flickr, you can download your own photos again at a large file size which could help. X
December 10th, 2013  
Firstly I would like to say thanks for all the responses to this post and the advice offered.

Rather than respond to points made in each post I will give you a bit of an update and respond to specific points in one post if that's OK.

Firstly, where did it come from?

I have looked through my inbox for e mails with attachments that I had opened that might have been the source, but contrary to the evidence (not backing up and not having active antivirus software) I am usually very careful about opening things where I am not sure of their origin and there was nothing there that seemed suspicious that had been opened.

However on Weds or Thurs of last week I looked in my Spam folder for an e mail I had been expecting. I didn't find it but did open an e mail from Companies House about an open case which I remember thinking might relate to my husband's work (we share the email address tho he rarely ever uses it). It did have a zip file attachment but I don't remember downloading it. Companies House is listed in one of the documents about Cryptolocker that has been posted on here as being one of the originators of the emails that contain the malware. So I am guessing that that is where it came from.

Incidentally, that night when I was shutting down my laptop I was unable to do it, and my eldest son looked at it and told me that it was because I was downloading a pdf file, and following on from that I have commented a few times that my laptop was unusually slow but put that down to our rubbishy internet connection. I suppose that during that time all of my files were being encrypted.

The Cryptolocker pop-up popped up on Saturday lunchtime - presumably after all my files had been encrypted (I can't open any of my image files.)

As Alexis said, had I realised what was going on, I could probably have removed some of the files before they were encrypted.

One good thing is that because I am such a rubbish 'backer-upper' my external drive hasn't been attached to my laptop for a long time so the files that are on there from the last (far too long ago) back-up are still OK. That is a great relief to me because some of them date back to family holidays in the days when my kids used to allow me to photograph them!

A Scam?

Some people have said that they think the whole thing might be a scam, and there have been suggestions that a computer expert might be able to retrieve the files.

This is definitely not the case, for the reasons already outlined by others.

Also there have been suggestions that if you pay you may not get your files back. From what I have found out, most people do get them back, people would soon stop paying if they read on the internet that others had done and not got their files back, and the scammers are far too sensible to let that happen.

I suspect that in addition to the reasons Alexis mentioned (servers being shut down etc) some people don't get theirs back because the scammers don't actually receive the payment. If you pay by bitcoin you have to input a string of numbers and upper and lower case letters that is over 30 digits long. I suspect that some people will make errors in doing that, especially as the script is not particularly clear - I had trouble working out if one letter was a Y or a V on the string that I would have to use.

They are clever and business-minded these people. They offer two ways to pay (neither of which involve you giving them your credit card details) tho one, which sounds like some sort of pre-paid cash card to me is only available to people in the US. The other is by Bitcoin. I first heard that this form of currency even existed about a week and a half ago, and am now more familiar with it than I ever hoped to be. Anyway, one bitcoin is currently worth about £560 or US$930 although a partial bitcoin can be bought. The value of Bitcoin has sky-rocketed recently and the clever spammers regularly alter the portion of a bitcoin (currently 0.5 of one - i.e. £280) that they are asking for so as not to price themselves out of the market. Smart hey?

It is interesting that somebody said (Louise I think) that they keep a gullible list - I had never considered this, and had assumed that the whole thing was much more random. Incidentally I have never been involved in anything like this before!

I haven't reported it. I wouldn't know who to report it to and I know that there are already enormous amounts of resources being put into sorting the whole thing out.

And finally, what am I going to do?

I am not going to pay.

I have spent a lot of time putting things into perspective over the last few days, and although this is a pretty crap (if partially self-inflicted) situation, things could be an awful lot worse. I really feel for the people who would have no means of paying up even if they wanted to, and for those small business owners whose livelihoods would be wiped out if they were attacked. Relatively speaking, I have been lucky, and there are more important things in life - most of them living and breathing (wine breathes doesn't it?) Mind you that isn't to say that I am not going to be a bit quivery-lipped when 11.57 comes round tomorrow morning and everything disappears into the ether......

I have lost some photos that I am quite proud of. A lot of them still exist in cyberspace, here and on Facebook, so the main thing that I have lost is the option to print them or further edit them if I want to, and how often do I do that? I sold quite a few framed prints last year at a local fair and had hoped to do more of that sort of thing this year, but quite a lot of the shots that I think would have been most successful are those that I have lost. That said, the ones that sold best last year were the animal shots, and I am lucky enough to have lots of willing four-legged models to get more of that kind of thing, and the landscapes which were also successful are still on my doorstep, so I can try again - and get them better this time!

One thing that I am not sure about is that I have had a photograph shortlisted in the International Garden Photographer of the Year Competition. I have already submitted the full size file, but don't know whether, if it goes further than the shortlist, it might cause a problem that I don't have the original - can't see why it should, but am interested to know what people think.

Oh yes, and I am going to update all my virus/malware etc etc software and buy another external hard drive and use that to work from. Can anyone tell me if it is possible to back up from one external drive directly to another?

I am really sorry to have 'gone on' so long. If you are still with me by this point, thanks! And thanks again for all your input.
December 10th, 2013  
@farmreporter @padlock @roachling @princessm @jamibann @elsbels @steampowered @happypat @beryl @rosiekind @lucypics @judithg @carolmw @lynnb @jesperani @tonydebont @paulaw @emmadurnford

Please see above - it's v long so don't feel obliged to read it all, but thanks for your comments anyway. xx
December 10th, 2013  
@jantan I have faved this post Jan as it has so many details just in case I get done too. A sorry tale that can so easily happen to anyone....I am no good at backing up files etc although I have virus stuff it could so easily be me.
The thing that would get me so angry is that these low lifers get away with it, it makes your blood boil.
I think you have the right attitude not paying & as you say photos can be re done...lucky about your lap top photos because they could never be replaced & you would probably have paid up so they would have won.
What goes around comes around..... think of that!
Thank you so much for sharing this with us...we have been warned & I am sure we will all take note.
December 10th, 2013  
Thanks for the info. Really quite interesting - and scary read.
So sorry it happened to you.
Makes me wonder how safe any of us are.
December 10th, 2013  
@jantan Hi Jan. Yes you can back up from one external disk to another. I already do (I back up a Seagate 1Tb disk to a Western Digital 3Tb disk)
December 10th, 2013  
Well I am going to improve my back up thing - I need to talk to Nige cos it's Wifi and may be vulnerable if they ever get into Apple. In the meantime put that £280 towards a nice Mac and you won't feel tainted by association with these people.
December 10th, 2013  
Scumbags! I read your every word Jan. How incredibly irritating. I would be spitting tacks, but what can you do? You sound very sensible about the whole thing - I would not want to give the swine a penny of mine!
December 10th, 2013  
I like your attitude - have you retained the cards from your camera, or do you overwrite them? I keep mine as a form of secondary backup, would hate to lose my travel snaps, and cards are not expensive now so I keep buying new ones. My photos are on external hard drives mostly, I will learn from your experience & disconnect them from now on when not using. Thank you for giving us the benefit of your unpleasant experience.
December 10th, 2013  
@princessm No Decima - I employ a bit of a 'scattergun' approach with my photos - taking loads and loads of RAW shots each time I go out, so I would probably need a card a week.
December 11th, 2013  
Thank you so much for the information. I'm so sorry they got you. I'm going to back up mine now and will fave this in case I ever need the info.
December 11th, 2013  
Caz
Thanks for the info Jan, so sorry this happened to you :( I have now backed up my photos for November, I try to do it every month at least, but I should do it more frequently.....
December 11th, 2013  
Oh good grief you've gone through a lot when I haven't been paying attention. The dirty rogues. How can they sleep at night. So sorry that it has happened to you. If you decide not to pay you will for sure take lots more fabulous photos in the future.
December 11th, 2013  
So sorry to hear this Jan - how awful for you! Thank you for sharing with everyone and hopefully saving others from a lot of grief! Really do hope you haven't lost too many images! I will certainly be unplugging my hard drive!
December 11th, 2013  
Hey Jan, just had a sudden thought... have you thought about trying to recover some of your images from your memory cards?? If you run them through a programme like sandisk prorescue some of your lost images might turn up. Might be worth a go? Don't really know that much about it, but I know image data can be recovered from cards which have been cleared? : ))
December 12th, 2013  
Alexis Birkill may know something about this kind of memory card data recovery??
December 12th, 2013  
@abirkill sorry to bother you Alexis, but is it worth Jan doing the above to try and recover some of her more recent images??? I don't really know much about it?? Thank you! : ))
December 12th, 2013  
Thanks so much for the thought Lisa, I will certainly look into it. @rennes
December 12th, 2013  
@rennes It's certainly worth a try, but unless she cycles through a lot of different memory cards, she probably won't be able to recover anything but the very latest files.

When you delete a file from a card, or format the card, the data isn't actually overwritten, it's just 'hidden' and the space marked as free to re-use. The underlying data is still on the card, so those files can be recovered by undelete software. However, as you take new photos on the card, that space will be re-used by the new files, overwriting the old data for good.

Memory cards also do clever stuff called 'write levelling', which means that they'll write files to different parts of the card to make sure that it's evenly used -- this allows them to keep working for much longer than they otherwise would, but also means that even if you never fill the card during a shoot, you'll still be overwriting all the data on the card in a relatively short amount of time.

In other words, if you just deleted a bunch of files or formatted a card, you're pretty much guaranteed to be able to get at least most of that data back. But the more you've used the card since then, the less chance you have of getting files from more than one or two shoots ago. It certainly can't hurt to try, though!
December 12th, 2013  
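
Added example, not part of any post in this thread: a minimal JPEG file carver in Python illustrating the recovery behaviour described in the reply above, where deleted photos stay readable until newer files re-use their space. The card image, the `fake_jpeg` helper and every byte value are constructed for illustration (the "photos" are structurally valid JPEG byte streams, not viewable pictures); real recovery would run against a read-only image of the card.

```python
import struct

SOI = b"\xff\xd8\xff"  # JPEG start-of-image followed by the first marker byte


def jpeg_end(buf, start):
    """Return the offset just past the EOI marker of the JPEG at `start`, or None."""
    n, pos = len(buf), start + 2  # skip the 2-byte SOI
    # Header: a chain of segments, each FF <marker> <2-byte big-endian length>.
    while pos + 4 <= n:
        if buf[pos] != 0xFF:
            return None  # chain broken: the header was overwritten
        marker = buf[pos + 1]
        (seglen,) = struct.unpack(">H", buf[pos + 2:pos + 4])
        if seglen < 2:
            return None
        pos += 2 + seglen
        if marker == 0xDA:  # start of scan: compressed image data follows
            break
    else:
        return None
    # Scan data: FF 00 is an escaped FF, FF D0..D7 are restart markers, FF D9 ends the file.
    while True:
        i = buf.find(b"\xff", pos)
        if i < 0 or i + 1 >= n:
            return None  # ran off the end: the tail of the file is gone
        m = buf[i + 1]
        if m == 0xD9:
            return i + 2
        if m == 0x00 or 0xD0 <= m <= 0xD7:
            pos = i + 2
        elif m == 0xFF:
            pos = i + 1  # fill byte before a marker
        else:  # another segment (e.g. next scan of a progressive JPEG): skip it
            if i + 4 > n:
                return None
            (seglen,) = struct.unpack(">H", buf[i + 2:i + 4])
            pos = i + 2 + seglen


def carve_jpegs(buf):
    """Scan raw bytes for complete JPEGs, ignoring the file system entirely."""
    found, pos = [], 0
    while (start := buf.find(SOI, pos)) >= 0:
        end = jpeg_end(buf, start)
        if end is None:
            pos = start + 1
        else:
            found.append((start, end))
            pos = end
    return found


def fake_jpeg(scan):
    """Constructed sample: SOI + APP0 + SOS + scan bytes + EOI."""
    app0 = b"\xff\xe0" + struct.pack(">H", 7) + b"JFIF\x00"
    sos = b"\xff\xda" + struct.pack(">H", 3) + b"\x00"
    return b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9"


def build_card_image():
    """Constructed card contents after 'delete all' and one new shot."""
    old_a = fake_jpeg(b"\x11\xff\x00\x22" * 8)   # deleted, space not yet re-used
    old_c = fake_jpeg(b"\x33\xff\xd0\x44" * 40)  # deleted, then partly overwritten
    new_b = fake_jpeg(b"\x55\x66" * 10)          # new photo written over the start of old_c
    region_c = new_b + old_c[len(new_b):]        # only the tail of old_c survives
    image = b"\x00" * 512 + old_a + b"\x00" * 100 + region_c + b"\x00" * 64
    return image, old_a, new_b


if __name__ == "__main__":
    image, _, _ = build_card_image()
    for start, end in carve_jpegs(image):
        print(f"recovered JPEG at offset {start}, {end - start} bytes")
```

The deleted photo whose space was untouched and the newer photo are both carved out; the third, whose first bytes were re-used, leaves only a headerless tail that the carver cannot turn back into a file.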
@abirkill Thank you so much for your quick reply Alexis - very kind! I was just trying to think of anything that might help Jan get back even a few of her images - I know how I would feel if they were my images about to disappear into the ether. : )
December 12th, 2013  
Oh no!! xx
December 12th, 2013  
Wow! Thanks for sharing all that has happened to you! So sad! Very interesting information! I will back up tonight!
December 13th, 2013  
JH
Shit! Oh Jan what a total pain in the arse! I'm sorry. It's a principled call you've made though. And one bright side, such as there is one, is that your photography is so consistently outstanding that it won't take you long to build up a new catalogue of pics (that you can back-up properly) to win competitions with.

Thanks too for the heads up. I am going to take heed, and sort out my virus software etc forthwith.
December 16th, 2013  
Thanks for that - will back up first thing. You poor thing, I am so sorry you are going through this.
December 16th, 2013  
Lee
One can only hope that the sad individuals who enforce this misery on others will one day get their comeuppance, sorry to hear this has happened to you.
December 17th, 2013  
How are you getting on getting back up and running Jan?
December 18th, 2013  
You are probably rushed off your feet with Christmas preparations but I do hope you are OK after this horrible event - happy Christmas anyway!
December 21st, 2013  
@judithg @emmadurnford thanks for your messages. I am still trying to get my laptop sorted out so have wiped it and reinstalled windows but no Internet connection due to probs with drivers, and like you say v busy with Christmas so not had the time I have needed to get it sorted. Not done much commenting as using my iPad and after a few mins of trying to type on it I am just about ready to throw it through the nearest window!
Happy Christmas to you both and hopefully I will be up and running before too long. Hope you are both carrying on next yr.
December 21st, 2013  
They are truly bad people - glad you've stuck two fingers up. I shall limp on into my fourth year I expect - just for the socialising!!
December 21st, 2013  
JH
Just popped over to check the latest. Happy Christmas!
December 23rd, 2013  
Jo
Wishing a very Happy Christmas to you and your family, and look forward to seeing you back here soooon.
December 24th, 2013  
@steampowered Hi Paul, above you told me that you back up from one external hard drive to another. Do you mind me asking how you do this please? Do you use any special software? I have searched on the internet for this but haven't found any decent answers (i.e. ones I understand!) Thanks (looking forward to your 'se7en' exploits by the way)
January 8th, 2014  
@jantan Hi Jan. I just back up essential files by dragging and dropping them from one disk to another in Windows Explorer as a basic backup. My Western Digital external disk comes with software (WD Smartware) to back up selected drives and I have elected to back up one of my external drives to it using that (it happens automatically). Don't forget that Windows comes with its own Backup and Restore capability.
January 8th, 2014  
Thanks Paul, that sounds easy enough. I appreciate your help.
January 8th, 2014  