All you need to know to protect yourself from this digital threat
What is ransomware?
Ransomware is a type of malicious software (malware) that prevents users from accessing their infected devices or files unless they pay a ransom.
It affects personal computers (desktops, laptops), servers, and other devices, such as tablets and smartphones. Although most infections occur on Windows systems, there are versions that affect macOS, iOS, Linux, and Android systems.
How does ransomware work?
A ransomware attack has three phases: infection, sequester, and extortion. Once successful, it is very quick, taking less than a few minutes from the start of infection to loss of access to system/files and consequent ransom.
WannaCry, CryptoLocker, TorrentLocker, CryptoWall, Fusob, UltraCrypter, and Locky are a few of the more well-known ransomware families.
How to protect against ransomware?
Prevention is the best protection from ransomware.
If you suspect that you’ve been infected with ransomware, disconnect your device from the network immediately.
Making backups regularly. In addition to ransomware, systems are exposed to other types of malware (viruses, Trojans, spyware, etc.). It is important to make backups to be able to restore files easily and quickly. It is equally important to test backups to verify that they are being made correctly and that they can be restored correctly.
Storing a recent backup copy in a unit where files cannot be changed. Ransomware affects files that have write permissions, including those that are stored in cloud folders (Dropbox, Google Drive, OneDrive, for example) and external USB units, among other formats.
Use software that enables you to neutralize threats in real time, such as blocking access to websites that contain malicious code, and analyzing downloads.
Don’t enable macros in documents received by email. Malicious attachments are one of the main sources of ransomware infection. Attackers try to persuade users to enable macros, only to infect them later on with ransomware.
Don’t click on links or visit websites from suspicious email messages. Usually, attackers entice users into an impulsive action, such as opening a document or clicking on a link that may result in infection. To this end, they send email messages that appear to come from governmental authorities (Tax authority, or Ministry of Finance, for example), authorities (PJ, PSP, FBI, or the CIA), or well-known companies, such as PayPal, FedEx, or DHL. The message’s content is generally urgent and/or intimidating, demanding that the user take immediate action, such as opening a document or visiting a website to resolve the fake situation. Generally, to carry out these actions, the user will have to install or execute some type of software (that is later revealed to be malicious).
Show file name extensions. Some files that contain malicious code add an extra file name extension so that they appear to have an inoffensive one. With this option enabled, you can easily see the type of file that you are trying to open (for example: “invoice.pdf” becomes “invoice.pdf.exe”, in case.
Don’t use administrator/root permissions unless necessary. A user account without administrator privileges is sufficient to execute most of a device’s usual tasks. As such, even if the malicious code is executed, there is a chance that it will not have the necessary permissions to make harmful changes to the system.
Restricting write permissions in file servers as often as possible.
Install the latest security updates for the operating system and other installed software.
Educate users about the threat and define a procedure for when they are suspicious of any email, pop-up, file or program.
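The "show file name extension" and macro tips above can also be applied automatically when screening attachment names. The following is an added example, not part of the original article; the extension lists and sample names are constructed for illustration and are not exhaustive.

```python
import os

# Constructed, non-exhaustive list: types Windows runs directly or as scripts.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js",
                   ".vbs", ".wsf", ".hta", ".lnk", ".ps1", ".msi"}
# Types users expect to be harmless documents or pictures.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".rtf",
              ".jpg", ".jpeg", ".png", ".zip"}
# Office formats that are allowed to carry macros.
MACRO_EXTS = {".docm", ".xlsm", ".pptm", ".dotm", ".xlsb"}


def classify_attachment(filename):
    """Return the reasons a file name deserves caution (empty list if none)."""
    reasons = []
    # Keep only the file name, whichever path separator the sender used.
    name = os.path.basename(filename.replace("\\", "/")).strip().lower()
    stem, last_ext = os.path.splitext(name)
    # Spaces before the real extension push it out of view in narrow columns.
    _, inner_ext = os.path.splitext(stem.rstrip())
    if last_ext in EXECUTABLE_EXTS:
        if inner_ext in DECOY_EXTS:
            reasons.append("double extension: shown as %s, runs as %s"
                           % (inner_ext, last_ext))
        else:
            reasons.append("executable type %s" % last_ext)
    if last_ext in MACRO_EXTS:
        reasons.append("macro-enabled Office document")
    return reasons


def screen(filenames):
    """Map each suspicious name to its reasons; clean names are left out."""
    flagged = {}
    for name in filenames:
        reasons = classify_attachment(name)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    # Constructed sample attachment names.
    sample = ["invoice.pdf", "invoice.pdf.exe", "photo.jpg      .scr",
              "Report.DOCM", "notes.txt"]
    for name, why in screen(sample).items():
        print(repr(name), "->", "; ".join(why))
```

A name that passes this check is not proof that the file is safe; it only removes the disguise that hidden extensions make possible.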
The best solution is to be prepared for a ransomware attack.
How to remove ransomware
If you’ve been infected by ransomware, get in touch with experts in IT security, in order to get the best advice on how to proceed.
Recovering systems or files infected by ransomware is very unlikely if you have not made backup copies. Many people, in despair, end up paying the ransom to recover their files. However, there is no guarantee that the decryption key will be sent, that the attackers will not demand more payments, or that the system has not been affected by more than one version of ransomware.
The quickest and most economical way of recovering files infected with ransomware is by restoring a backup.
There are free tools to help you recover encrypted files without having to pay the ransom. These tools work only with well-known versions, for which it is possible to create a decryption tool. There aren’t any tools that work for all types of ransomware.
It is essential that malware be removed from the system before restoring files. Otherwise, the system/files will be re-infected. For this purpose, you can use an antivirus or another protection program. (Note: this step does not restore access to the files, but rather guarantees the system is free of malicious code that encrypts its files).
"The general advice is not to pay the ransom. By sending your money to cybercriminals you’ll only confirm that ransomware works,
and there’s no guarantee you’ll get the decryption key you need in return."
-- No More Ransom
Free tools to remove ransomware
At the "No More Ransom" website, you can find decryption tools for some versions of ransomware, such as CoinVault, WildFire, Chimera, TeslaCrypt, and Jigsaw, among others. This website is an initiative of the Dutch Police’s High-Tech Crime Unit, of the European Cybercrime Centre (EC3) of Europol and of two cybersecurity companies, with the goal of helping victims of ransomware recover their encrypted files without having to pay criminals.
Keep your files protected from ransomware
Learn how Terabunker can protect your files. Ransomware is the largest virtual threat of 2017, affecting companies as well as individuals on a large scale. Don’t become a victim of digital extortion. Protect your files, protect your business.