You've just opened a Web page or clicked a link in an email when your computer's desktop goes gray. A browser window pops up with the FBI logo in the top left corner. Below it is a live webcam feed with a picture of someone's face. You try to click away but find that your browser is locked. With a start, you recognize the face staring at you from the screen: It's you.
This isn't the plot of a Japanese horror film. It's a frightening form of malware called "ransomware" that has been seen with increasing frequency in recent months. No one knows exactly how many people have been hit with it, but security firm McAfee reports that it recorded more than 120,000 new samples in the second quarter of 2012, a fourfold increase from the same quarter last year.
There are many variants of ransomware, all of which begin by locking you out of your own machine. The next phase: trying to blackmail, intimidate or otherwise spook you into forking over cash. You probably shouldn't do it. But it's easy to see why a lot of people do.
The version I described in the first paragraph is the product of a virus called Reveton, which you can contract either by clicking a malicious link or visiting an infected website, which triggers an automatic download. Beneath the video feed, which registers the surprise on your face as you recognize yourself, are your computer's IP address and hostname and an urgent message: "Your computer has been locked!" Scroll further and you'll find yourself accused of possessing illegally downloaded files in violation of federal copyright laws. (A new iteration claims that you're in violation of SOPA, the Stop Online Piracy Act - which, as serious netizens know, never actually became law.)
The crime, you're told, is punishable by a fine or up to three years in prison. There's only one way to unlock your computer, according to the warning on your browser, and that's to pay up. And if you don't pay the specified "fine" within 48 or 72 hours - often by purchasing a prepaid cash card such as Green Dot's Moneypak, which makes the transaction hard to trace - it claims that you'll be locked out of your machine permanently and face criminal charges to boot.
The criminal charges are bogus, of course, but the threat of being permanently locked out of your files is real, says Chet Wisniewski, senior security adviser at the data-security firm Sophos. Some victims have reported that, after a certain amount of time passed, their files were in fact deleted. On the other hand, it's unclear whether paying up actually helps, or if it just prompts the bad guys to try to squeeze more out of you. One thing security experts do know is that the scam appears to be automated. It would be a mistake to assume there's an actual human on the other end whom you can persuade to take it easy on you because you really, really need those files.
So what should you do if you're unwary and unlucky enough to contract a ransomware Trojan? First, instructs Sophos' Paul Ducklin in a helpful video, don't panic and don't do anything rash. Once the malware has control of your machine, chances are that most of the damage has already been done. In theory the hackers could mine your files for private information, but in practice they rarely do. Too much effort for an uncertain reward.
And ignore those threats not to tell anyone about the attack. Unless you're an expert yourself, it's a good idea to enlist the help of a computer security expert to help you figure out how to handle it. The FBI - the real FBI - also recommends filing a complaint at www.ic3.gov.
As with most forms of malware, the best protection here is simply to avoid visiting compromised websites or clicking on any suspicious-looking links, whether on the Web or in emails, Twitter or Facebook messages, or even Skype messages. Keeping your operating system and apps updated with the latest security patches always helps, and antivirus software can be an additional prophylactic. But this particular type of attack also reinforces the importance of backing up your files. Otherwise, you might never see them again.
It's conceivable, some security types admit privately, that paying up could prompt the criminals to restore them. But the official advice is that you never should, and in most cases that's the advice that makes the most sense.
Slate
Slate: Pay up or the hard drive gets it
- Slate
-
-
Is it really possible to not know you're pregnant until the birth?
Trish Staine had just finished running 10 miles while training for a half-marathon when she started going into labor. The mother of three said she hadn't gained any weight or felt any fetal movement in the months before and had no idea she was pregnant. Is it possible for a woman not to know she's pregnant before she starts giving birth?
-
When is a nightgown appropriate in the office?
Who among us hasn't wondered if pajama pants are OK in the winter? What about clingy, see-through blouses for spring? And now that it's almost summer, what about nightgowns? Specifically, what about midthigh-length, straw-colored cotton nightgowns at work?
-
How to shield calls, chats, browsing from surveillance
If you have followed the startling revelations about the scope of the U.S. government's surveillance efforts, you may have thought you were reading about the end of privacy. But even when faced with the most ubiquitous of modern surveillance, there are ways to keep your communications away from prying eyes.
-
Google shuts down SMS search, angers people who had forgotten it existed
Instead of texting back search results, Google responds with a short message noting that the service "has been shutdown" (sic) and that you can continue to search the Web by visiting google.com (duh).
-
Do school bus drivers undergo background checks?
Castro was a school bus driver from 1991 to 2012, during which time he was accused of domestic violence. Do they perform background checks on school bus drivers?
-
Slate: New "Facebook phone" is now selling for 99 cents
Less than a month after it launched, the new "Facebook phone" is on sale for 99 cents with a two-year AT&T contract.
-
Why do so many European countries still have monarchs?
European monarchs are largely powerless. Why do so many countries keep them around?
-
Need a reply fast? Email someone unhappy
People who tend to use positive, upbeat language in their messages - like "care" and "amazing" - only respond to 47 percent of their emails within 24 hours.
-
Slate: Parenting advice from Uncle Sam
In an era of high child mortality and chronically poor health, as well as rapidly changing norms for childrearing, the U.S. Children's Bureau was seen as a salvation.
-
Slate: 15 facts about our planet
We live on the surface of this great giant space-borne water-laden spinning rock, separated from the rest of the Universe beneath a thin veil of nitrogen and oxygen molecules. Even though you're immersed in its influence, what do you really know about the Earth?
- More Slate Headlines
-
Raw: Baby White Rhino Debuts at Australian Zoo
Time Lapse: Rebuilding Bridge Post-collapse
Ohio Woman Accuses 3 of Holding Her Captive
Hunt for Ex-Teamster Boss Hoffa's Remains Ends
Aug. Trial Set for Ohio Man in Triple Kidnapping
Car Crash in NYC's East Village Injures 8
Obama Renews Call for Nuclear Reductions
Raw: Car Jumps Curb in NYC, Injures 8
Unusual Heat Wave Bakes Alaska
Raw: German President Welcomes President Obama
Raw: Arizona Wildfire Scorches 8 Square Miles
Raw: Huge Fire Near Yosemite National Park
Kid Couture: Spending Big Bucks on Babies
