So many people want to get something for nothing. They don’t want to pay for Netflix, or pay for their movies, or some other such digital product. They say that it’s a victimless crime and doesn’t harm the content/product owner any. While that’s debatable, there’s now a serious example of why getting shit for free is not a good idea, unless it was supposed to be free in the first place.
Enter the “Netflix Login Generator”. No, I’m not going to link to it – or even search results. That’s because it does no such thing. It installs the ransomware called “Netix” on your computer, while pretending to give you login credentials for free Netflix (spoiler alert: they don’t work).
The ransomware demands about $100 in Bitcoin (about 0.1 Bitcoin as of this writing).
What You Would Lose
The Netix ransomware seems to go only after the files in C:\Users, meaning all of the documents that are yours specifically. Additionally, if your account has Administrator access to the computer, it would get everybody else’s files as well. The following file extensions are the targets of this ransomware:
.ai, .asp, .aspx, .avi, .bmp, .csv, .doc, .docx, .epub, .flp, .flv, .gif, .html, .itdb, .itl, .jpg, .m4a, .mdb, .mkv, .mp3, .mp4, .mpeg, .odt, .pdf, .php, .png, .ppt, .pptx, .psd, .py, .rar, .sql, .txt, .wma, .wmv, .xls, .xlsx, .xml, .zip
How Do I Know If I’m Infected With Netix?
Well, it’ll tell you. Your desktop background would be changed to this image:
Also, on your desktop, there will be a new .txt file, called “Instructions.txt”. Here’s a screenshot of an example (courtesy of Trend Micro):
If I’m Infected, Should I Pay the Ransom?
It’s my firm belief that you should never pay digital ransoms like this. However, the true arbiter of what’s “worth it” is you. How much are those files worth to you?
It’s also not a guarantee that you’ll get your files back, even if you pay. Some ransomware is bugged unintentionally, making recovery impossible. Some criminals are simply loath to help their marks and use ransomware as “fire and forget”.
Can I Take It To a Computer Repair Shop?
I wouldn’t waste your time. Unless that computer repair shop has a MASSIVE array of computers (think: NSA), all linked together to perform brute force decryption, they will be unable to break the AES-256 encryption, which is top-of-the-line encryption. It’s considered theoretically uncrackable, unless an implementation bug is found. Here’s a good discussion on Stack Exchange, if you want to know more.
So What Do I Do?
If you’re already infected with ransomware, you can do Google searches to see if a decryption tool has been released. In some cases, the keys were released, or bugs were exploited to create free tools. Many antimalware providers offer these tools free of charge. But they only work on some forms of ransomware, not all (or even most).
The only real way to protect yourself is PREVIOUS backups to an offline device. That means you back up your files and/or computer to an external hard drive, and then DISCONNECT that hard drive. If you leave it connected, there’s too high a chance your backups will become encrypted in the process.
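To put numbers on the target list under “What You Would Lose” and on the backup advice above, here is an added example (mine, not taken from Netix or from any vendor tool) that walks a folder, finds every file with one of the listed extensions, and reports how much space a backup needs and which files have changed since your last backup. The function names, the default of scanning your own profile folder, and the one-week backup age are assumptions for illustration.

```python
import os
import time
from pathlib import Path

# Extensions this page lists as Netix targets.
TARGETED = frozenset("""
.ai .asp .aspx .avi .bmp .csv .doc .docx .epub .flp .flv .gif .html .itdb .itl
.jpg .m4a .mdb .mkv .mp3 .mp4 .mpeg .odt .pdf .php .png .ppt .pptx .psd .py
.rar .sql .txt .wma .wmv .xls .xlsx .xml .zip
""".split())

def targeted_files(root):
    """Yield (path, size, mtime) for each file under root with a targeted extension."""
    for dirpath, _dirs, names in os.walk(root, onerror=lambda err: None):
        for name in names:
            if os.path.splitext(name)[1].lower() not in TARGETED:
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # locked or vanished file: skip it
            yield path, st.st_size, st.st_mtime

def exposure(root, last_backup):
    """Compare targeted files with a backup taken at last_backup (epoch seconds).

    "bytes" is the space the backup drive must hold; "exposed" lists files
    changed since that backup, i.e. what an infection today would cost you.
    """
    report = {"files": 0, "bytes": 0, "exposed_bytes": 0, "exposed": []}
    for path, size, mtime in targeted_files(root):
        report["files"] += 1
        report["bytes"] += size
        if mtime > last_backup:
            report["exposed_bytes"] += size
            report["exposed"].append(path)
    report["exposed"].sort()
    return report

if __name__ == "__main__":
    root = Path.home()                      # assumption: your own profile folder
    last_backup = time.time() - 7 * 86400   # assumption: last backup a week ago
    r = exposure(root, last_backup)
    print(f"{r['files']} targeted files, {r['bytes'] / 2**30:.2f} GiB to back up")
    print(f"{len(r['exposed'])} changed since last backup "
          f"({r['exposed_bytes'] / 2**20:.1f} MiB not yet protected)")
```

If the “not yet protected” figure is larger than you could stand to lose, it’s time to plug the drive in, back up, and disconnect it again.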