Tuesday, October 1, 2019

How to Deal with Ransomware

Ransomware is a form of online blackmail. It falls into three main categories, but the common denominator is that you are asked to pay a ransom to get rid of the problem. Victims are informed of the ransomware attack via email or by a message displayed on the screen.

Types of Ransomware 

1. Email threats 

This is not strictly ransomware, since it does not rely on the installation of malicious software on your computer. We include it here because the blackmailer may claim to have installed malicious software.

This type of ransomware is the easiest to deal with, because it does not affect your computer. You receive an email telling you that the sender has some information that could embarrass you if your family, friends or your boss were to know of it. The sender usually claims that he or she has managed to hack your password, and that he or she will still be able to access your password even if you change it. You are asked to send money to the blackmailer to stop this from happening.

In most cases, these ransomware emails have no substance. The claim that the sender holds embarrassing information about you, and that he or she has access to your email and your contact list, is false. If the emails were genuine, they would include something such as your password to show that the email was not a bluff.

Common themes used by these blackmailers include stating that they have proof that you access pornographic websites, or that they have used your computer's camera to record you doing something embarrassing. Even if you have accessed such sites, the chances are that the knowledge claimed in the email is untrue. If you keep your firewall and antivirus software up to date, you guard against malware that can track you, or capture your camera's images, being installed on your computer. Again, if the email does not include something specific about you, you can ignore these emails. They are usually bulk emails sent using leaked lists of email accounts. Even people whose computers do not have cameras may receive them.

A common variation of this scam is where the blackmailer claims to represent a law enforcement agency, even using spoofed copies of official documents to add credibility, and the demand is for payment of a fine for accessing illegal sites. No legitimate law enforcement agency in any country issues fines in this way. 

There is, nevertheless, one version of this type of blackmail that you may have to deal with. Its most common form involves meeting someone online and being tricked or cajoled into sharing intimate photos. You then receive messages or phone calls threatening to release these photos if you do not pay a ransom. Needless to say, if you pay up, you will only encourage the blackmailer to keep threatening you. If you don't pay, however, the blackmailer is quite likely to follow through on the threat. If you fall victim to this type of blackmail, you should inform the police immediately and act on their advice. 

2. Screen-locking ransomware 

This relies on the installation of malicious software on your device. A screen pops up informing you that you cannot access your device without paying a ransom. Sometimes, these pop-ups claim to be security warnings, and a fee is requested to deal with the security issue.

These ransomware attacks are usually easy to deal with. Running a scan with your anti-virus software is often enough to get rid of the malicious software. Reboot into Safe Mode and run the scan. If you are still having problems, check out ransomware removal tools or contact an IT support expert.

3. Encryption ransomware 

Encryption ransomware is the most serious kind of ransomware in terms of making your computer unusable. It is a type of malware that encrypts the files on your storage devices. Once files are encrypted, the apps you use will be unable to open them. You will be asked to pay a ransom to be able to regain access to your files. Do not attempt to remove the malware, as this may hinder you in getting your files back. Only when you are happy that all essential files have been recovered should you remove the ransomware.

There are some things you can try to recover from this type of attack, but you may have to pay the ransom to get fully operational again.

a) As soon as you become aware of the attack, disconnect your device from any local network, and disconnect removable storage devices like USB drives or external hard drives. This is to stop the ransomware from spreading. 

Encryption software processes original files, writes out encrypted versions of them, and then deletes the originals. Because of the way file systems work, deleted files are not physically removed from the storage device, so you may be able to retrieve the original versions of your files using a recovery tool. This can be a complicated process requiring expert help, and it can take a lot of time to verify that all the recovered files are usable. Make sure any recovery tools you try come from reputable sources.

b) Another option is to try a decryption tool. Experts have managed to find out the key used by some versions of ransomware, making it possible to recover files that have been encrypted. This may work for you if the encryption malware is an older program.

c) Your last resort to recover files without paying a fee is to restore them from backups. This will only work if the files on your backup device have not themselves been encrypted.
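Before restoring as described in (c), you can check whether the backup copies look encrypted. The Python sketch below is an added example, not part of the original post: it flags files whose header no longer matches their extension, or whose contents look random. The 7.5 bits-per-byte threshold and the sample file names are assumptions.

```python
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

# Well-known leading signatures for a few common file types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}
ENTROPY_LIMIT = 7.5  # bits per byte; assumed cut-off for "looks random"

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, much lower for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def check_file(path: Path, sample: int = 65536) -> str:
    with path.open("rb") as fh:
        head = fh.read(sample)
    magic = MAGIC.get(path.suffix.lower())
    if magic is not None:
        # Known type: the header must match, since compressed formats are
        # high-entropy even when healthy.
        return "ok" if head.startswith(magic) else "suspect: header mismatch"
    # Unknown or text type: fall back to the entropy of the first bytes.
    return "suspect: high entropy" if shannon_entropy(head) > ENTROPY_LIMIT else "ok"

def scan_backup(root: Path) -> dict:
    """Return {relative path: verdict} for every file that is not 'ok'."""
    verdicts = {p.relative_to(root).as_posix(): check_file(p)
                for p in sorted(root.rglob("*")) if p.is_file()}
    return {name: v for name, v in verdicts.items() if v != "ok"}

def demo() -> dict:
    """Scan a constructed backup: two healthy files, two that look encrypted."""
    rng = random.Random(1)
    noise = bytes(rng.getrandbits(8) for _ in range(4096))  # stand-in ciphertext
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "invoice.pdf").write_bytes(b"%PDF-1.4\n" + b"constructed sample\n" * 50)
        (root / "notes.txt").write_bytes(b"Meeting notes, constructed sample.\n" * 100)
        (root / "photo.jpg").write_bytes(b"\x00" + noise)   # header overwritten
        (root / "budget.xlsx.locked").write_bytes(noise)    # renamed by malware
        return scan_backup(root)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

A clean result only rules out files that were obviously overwritten; open a few restored files to confirm they are usable.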

If none of these options work, your only option is to pay the ransom demanded. You will have to hope that the blackmailer will respond with the information you need to get your files back.

As you can see, ransomware can have a disastrous effect on you and your electronic files. The best defense is to make sure you do not get infected in the first place. Do not disable automatic updates for your operating system and applications such as firewalls and anti-virus protection, and be very careful when installing downloaded software. Before opening email attachments, always check with the sender to make sure they are genuine.

Robert Blake
877.860.5831 x190

Bit by bit helps client networks run smooth and secure. Visit our website at www.bitxbit.com
