Fundamental Actions Regarding Ransomware
Ransomware is a category of malware that locks a victim's files with industry-standard encryption (usually AES, the Advanced Encryption Standard) and demands a "ransom" payment to restore the files to their original state. It is a virus that requires money in exchange for undoing that condition, but in many cases recovery is impossible even after paying, because the victim is dealing with cybercriminals.
Ransomware infection routes
Infection can start by opening an attachment in an email the criminal sent (a spear phishing campaign), or by clicking a malicious link on a non-mainstream website or in an instant messenger app. It has also been confirmed that a third-party website may be tampered with by hackers, so that a simple visit with an old, unpatched browser version is enough to trigger the infection.
What to do if you get infected with ransomware?
- Update the antivirus software definition files to the latest version and perform a scan (this may delete the malware from Windows, but the encrypted files remain encrypted). This action only helps if a working backup of the files is available for the restore process.
- Use the corporate backup system: fully reformat the hard drive of the infected computer and restore the files from the corporate backup.
- "Windows System Restore" has been included in Windows since XP, and it may be possible to disinfect the computer this way (though this will not decrypt the user files).
- Use a decryption tool from https://www.nomoreransom.org/, a non-profit project that provides free decryption tools for known ransomware strains.
Ransomware infection prevention measures:
Install antivirus software
Antivirus software is required to reduce the risk of virus infection, and its definition files must be updated regularly to keep it effective. Windows 10 has built-in Windows Defender antivirus, which updates through Windows Update. It is not perfect, but good enough if a third-party antivirus is not acceptable to the organization.
Update OS and software
Keep the operating system and software up to date, as software vulnerabilities may be exploited. Organizations may use the Windows Domain Controller server to delay updates through GPO (Group Policy Objects), but this feature is a double-edged sword: delaying updates opens the floodgates to security exploits against unpatched software.
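The two controls described above, current antivirus definitions and timely patching, can be checked from the host itself. The following PowerShell audit script is an added example written for this article, not code from the article or from Microsoft. It assumes a Windows 10 host with the built-in Microsoft Defender module and an elevated session; the thresholds (MaxSignatureAgeDays, MaxDeferDays, the 45-day hotfix window) are assumptions chosen for the example, not published guidance.

```powershell
# Added example: audit Defender definition freshness and Windows Update
# deferral policy on a Windows 10 host. Run from an elevated PowerShell.
param(
    [int]$MaxSignatureAgeDays = 3,   # assumption: definitions older than this are stale
    [int]$MaxDeferDays        = 14   # assumption: longer quality-update deferral is flagged
)

$findings = @()

# 1. Microsoft Defender state and definition age (Get-MpComputerStatus is
#    part of the Defender module shipped with Windows 10).
$mp = Get-MpComputerStatus
if (-not $mp.AntivirusEnabled) {
    $findings += "Defender antivirus is disabled"
}
if (-not $mp.RealTimeProtectionEnabled) {
    $findings += "Defender real-time protection is off"
}
if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
    $findings += ("Defender definitions are {0} days old (last update {1})" -f
        $mp.AntivirusSignatureAge, $mp.AntivirusSignatureLastUpdated)
}

# 2. Group Policy deferral of quality (security) updates. These values are
#    written by the "Select when Quality Updates are received" policy.
$wuPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
if (Test-Path $wuPolicy) {
    $p = Get-ItemProperty -Path $wuPolicy
    if ($p.DeferQualityUpdates -eq 1 -and $p.DeferQualityUpdatesPeriodInDays -gt $MaxDeferDays) {
        $findings += ("Quality updates are deferred {0} days by policy" -f
            $p.DeferQualityUpdatesPeriodInDays)
    }
}

# 3. Most recent installed hotfix, as a coarse sign that patching still happens.
$lastFix = Get-HotFix |
    Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1
if ($lastFix -and $lastFix.InstalledOn -lt (Get-Date).AddDays(-45)) {   # assumption: 45-day window
    $findings += ("No update installed since {0} ({1})" -f
        $lastFix.InstalledOn.ToShortDateString(), $lastFix.HotFixID)
}

if ($findings.Count -eq 0) {
    Write-Output "OK: antivirus definitions fresh, update policy within limits"
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Run it periodically (for example from a scheduled task) and treat any FINDING line as a ticket: a stale definition set or a long deferral period is exactly the window the paragraph above warns about. Definitions can be refreshed immediately with Update-MpSignature.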
Be careful when browsing websites
Do not click on suspicious advertising banners or dialog boxes. The key is never to trust every link you see. It is healthy for a computer to have a user who thinks more than twice before clicking any link.
Beware of suspicious emails
Even if an email comes from someone you know or from a company, do not open the attached file carelessly or click on the link if the content is unknown.
Ransomware damage prevention measures:
Back up important files regularly
There is no shortcut against data risk other than a reliable backup. In a world where cloud-storage services compete for mindshare, there is no exemption and no valid reason for not having a backup system.
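A backup is only reliable if it can be verified later, since a backup that was reachable when the ransomware ran may itself have been encrypted. The PowerShell script below is an added example for this article, not the author's own code: it copies a folder to a timestamped backup directory, records a SHA-256 manifest of what was written, and later verifies the backup against that manifest. The source and destination paths are assumptions for the example.

```powershell
# Added example: make a backup with a SHA-256 manifest, then verify it.

function New-VerifiedBackup {
    param(
        [Parameter(Mandatory)] [string]$Source,
        [Parameter(Mandatory)] [string]$Destination
    )
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    New-Item -ItemType Directory -Path (Join-Path $Destination $stamp) -Force | Out-Null
    $target = (Resolve-Path (Join-Path $Destination $stamp)).Path

    # Copy the tree first, then hash the copies, so the manifest describes
    # what was actually written to the backup, not the live source.
    Copy-Item -Path (Join-Path $Source '*') -Destination $target -Recurse -Force

    $manifest = Get-ChildItem -Path $target -File -Recurse | ForEach-Object {
        [pscustomobject]@{
            Path   = $_.FullName.Substring($target.Length).TrimStart('\')
            Sha256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            Bytes  = $_.Length
        }
    }
    $manifest | Export-Csv -Path (Join-Path $target 'manifest.csv') -NoTypeInformation
    return $target
}

function Test-VerifiedBackup {
    param([Parameter(Mandatory)] [string]$BackupDir)
    $manifest = Import-Csv -Path (Join-Path $BackupDir 'manifest.csv')
    $problems = @()
    foreach ($entry in $manifest) {
        $file = Join-Path $BackupDir $entry.Path
        if (-not (Test-Path $file)) {
            $problems += "MISSING  $($entry.Path)"
            continue
        }
        # A file whose hash no longer matches was rewritten after the backup
        # was taken; an encrypted copy is the case this check is meant to catch.
        $hash = (Get-FileHash -Path $file -Algorithm SHA256).Hash
        if ($hash -ne $entry.Sha256) {
            $problems += "MODIFIED $($entry.Path)"
        }
    }
    if ($problems.Count -eq 0) {
        Write-Output "Backup verified: $($manifest.Count) files intact"
        return $true
    }
    $problems | ForEach-Object { Write-Output $_ }
    return $false
}

# Usage with assumed paths: back up a user's documents to a removable drive,
# then verify the copy before the drive is disconnected and stored offline.
$backup = New-VerifiedBackup -Source 'C:\Users\alice\Documents' -Destination 'E:\Backups'
Test-VerifiedBackup -BackupDir $backup
```

Keep a copy of manifest.csv somewhere other than the backup volume itself, and run Test-VerifiedBackup before each restore: a MODIFIED or MISSING line means that copy cannot be trusted and an older one should be used.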
Julia Sowells
Julia Sowells has been a technology and security professional for a decade. In that time she has worked on dozens of large-scale enterprise security projects, written technical articles, and served as a technical editor for Rural Press Magazine. She now lives and works in New York, where she runs her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.