Arizona Computer Techs

Local Verrado PC Computer Repair, affordable prices!


Ransomware – What is it?

Dec - 12 - 2015

We recently took care of a computer that was infected with Ransomware.  You’ve probably heard of Malware or Spyware, but have you heard of Ransomware?  Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back. Some ransomware will even encrypt your files to prevent you from opening them.


Dirty, nasty, ransomware.

If all of a sudden most of your files have become unreadable and they all end with a .vvv extension (like thousands of our client's files), then your computer is infected with a new variant of TeslaCrypt ransomware. Some anti-virus engines detect it as TR/Crypt.ZPACK.  This ransom virus leaves multiple files called how_recover+*.txt and how_recover+*.html on your computer with information on how to decrypt your files.

There can’t be many of us who don’t know about the plethora of malicious software, phishing scams, data breaches and other threats that are increasingly sophisticated – and increasingly unpleasant – as they do their level best to defraud, con, threaten, frighten and rob us. Unfortunately for the likes of us, the only real way to safeguard our data, bank accounts, and sanity is to stay one step ahead of the latest dangers. And that means knowing what we are dealing with. To that end, in this post we are going to take a look at a type of malware that is often overlooked, even though its thoroughly spiteful nature means it really does deserve a little more time in the spotlight.

What is TeslaCrypt ransomware?

One reason why ransomware seems to be relatively unknown when compared to malware such as Trojan Horses or spyware is that it goes under a few different aliases. Alternatively called cryptoware, a cryptovirus, cryptoworm or cryptotrojan, if you’ve stumbled across any of these names before, then you are also reading about ransomware.

TeslaCrypt ransomware is an extremely dangerous, and worrying, program and something you definitely want to take pains to avoid. If you’re wondering just what it is that this malware can do, the names given to the various strains might give you a clue: ransom, crypto.  Yes, it is a program that has been designed to infiltrate your computer, kidnap your data by encrypting it, and then demand a ransom for its release (usually $300 or more). The theory is that once you have paid the ransom, you will be sent a code which will allow you to decrypt your files.

This particular variant encrypts your files and changes file extensions to .vvv, for example review.docx.vvv.  Such encrypted Word documents cannot be opened by any program. You will simply get an error message. What is more, it manages to encrypt files in Dropbox folders. Luckily, Dropbox offers free versioning on all of its accounts, which means that you will be able to restore your files from previous versions. Unfortunately, you can’t do the same with files stored on your hard drive. This ransomware attempts to delete all previous versions of encrypted files.
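A triage sketch for the indicators described above (the .vvv extension and the how_recover+* note files), added here as an example and not part of the original post. It scans a folder read-only and checks which encrypted files still have an original in a backup folder; the folder layout and file names in demo() are constructed sample data.

```python
import fnmatch
import os
import tempfile

ENCRYPTED_EXT = ".vvv"  # extension named in the post
NOTE_PATTERNS = ("how_recover+*.txt", "how_recover+*.html")  # ransom notes named in the post


def scan_tree(root):
    """Walk root read-only and collect the indicators described in the post."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            if any(fnmatch.fnmatchcase(lower, pat) for pat in NOTE_PATTERNS):
                notes.append(rel)
            elif lower.endswith(ENCRYPTED_EXT) and len(lower) > len(ENCRYPTED_EXT):
                encrypted.append(rel)
    return sorted(encrypted), sorted(notes)


def backup_coverage(encrypted, backup_root):
    """Split encrypted files into originals present in the backup and originals missing from it."""
    recoverable, missing = [], []
    for rel in encrypted:
        original = rel[: -len(ENCRYPTED_EXT)]  # review.docx.vvv -> review.docx
        if os.path.isfile(os.path.join(backup_root, original)):
            recoverable.append(original)
        else:
            missing.append(original)
    return recoverable, missing


def demo():
    """Build a constructed sample tree plus a partial backup, then report on both."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = os.path.join(tmp, "live"), os.path.join(tmp, "backup")
        for base in (live, backup):
            os.makedirs(os.path.join(base, "docs"))
        for rel in ("docs/review.docx.vvv", "docs/taxes.xlsx.vvv",
                    "docs/how_recover+abc.txt", "docs/notes.txt"):
            open(os.path.join(live, rel), "w").close()
        open(os.path.join(backup, "docs/review.docx"), "w").close()  # only one file was backed up
        encrypted, notes = scan_tree(live)
        return encrypted, notes, backup_coverage(encrypted, backup)


if __name__ == "__main__":
    print(demo())
```

To use it on a real machine, call scan_tree() on the affected folder and backup_coverage() with the path of the backup copy; neither function changes or deletes any file.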

Ways that TeslaCrypt is spread

Unfortunately, it is spread in a couple of different ways, so there are a number of things you need to watch out for if you are to avoid becoming prey. If you have visited a website that has been compromised by ransomware you will be infected, or if you open an email attachment or click a link in an instant chat app message that contains the malware, you will also kick start the ransomware process.

What happens during a ransomware attack?

The way that TeslaCrypt works is to hijack your files and then demand that you pay in order that they are ‘released’. However, it is not quite as clear cut as all that, so please don’t think that by capitulating to the kidnapper’s demands you will get your data back. Do not lose sight of the fact that we are talking about cyber crime here – it is, well, not really very likely that the mastermind behind the program cares enough to supply you with the code to decrypt your files once you have paid.

Therefore, if you do receive an email or on screen message telling you your files are being held hostage, don’t pay a penny.  Call us!

Should I pay the ransom?

There is NO guarantee that the party responsible will release your files, so follow the steps in the removal guide below to remove this ransomware from your computer and, hopefully, decrypt your files.

How to get my files back?

Backup!  Backup!  Backup!  I don’t know how many times we have to stress the importance of having a backup.  If you don’t remember, read this article about it!  And if you need help, click here!  Sometimes, for this particular virus, we will have to wipe your hard disk and reinstall your files. In some cases, we are not able to recover your files.  If you are lucky enough and we do recover your files, there is still a possibility that we will find files that were encrypted and renamed to .vvv.   In order for us to remove ransomware, we would first have to do a Virus Removal and then restore your data.

How do I prevent this?

Well, stay tuned because as I am writing this article, I am writing my 10 Tips to Stay Safe on the Internet!  I will include the link here soon!

Thanks for reading!  Comment below!

Created on my Microsoft Surface 3.
