- Joined
- Dec 27, 2008
A customer of mine called recently because he had let scammers remote into his computer and manipulate things. His wife realized what was going on and had him hang up on them before they could extort money. I told him to turn off his computer, not answer the scammer's attempt to contact him by phone (they had tried to call him several times after he hung up on them) and to bring me the computer.
Today he brought me the computer and when I tried to sign into Windows I could see they had changed his password and on the lock screen there was a "call this number" message. So it was a ransomware attack.
But all's well that ends well. A couple of months ago I had convinced this customer to purchase a USB backup drive and I set up Macrium Reflect (free version) on his computer to do scheduled imaging of his system drive. So when he brought me the computer today after the ransomware attack it was very easy to restore the system from an image that predated the scam. Fortunately, the crooks had not deleted those images on the backup drive.
Today he brought me the computer and when I tried to sign into Windows I could see they had changed his password and on the lock screen there was a "call this number" message. So it was a ransomware attack.
But all's well that ends well. A couple of months ago I had convinced this customer to purchase a USB backup drive and I set up Macrium Reflect (free version) on his computer to do scheduled imaging of his system drive. So when he brought me the computer today after the ransomware attack it was very easy to restore the system from an image that predated the scam. Fortunately, the crooks had not deleted those images on the backup drive.