There are two types of ransomware currently in existence:
lockscreen-based and encryption-based ransomware.
Lockscreen-based ransomware will "lock" your computer's display with a full-screen message that prevents you from getting to your PC or files normally and displays an image asking for a "ransom", typically in Bitcoin.
Encryption-based ransomware changes your files by encrypting them so you can't open them without the specific decryption key, which you receive by paying the "ransom", typically in Bitcoin.
What is Bitcoin?
Bitcoin is a digital currency that is preferred by criminals conducting these types of ransomware attacks. Because transactions are made pseudo-anonymously, it is difficult to track them and verify them against someone's real identity. Bitcoin also makes it very simple to convert the payment into regular fiat currencies (USD, EUR, etc.) without being detected by the authorities.
What do I do now that I'm infected?
- Do not pay the ransom! Paying the ransom perpetuates the problem by rewarding the very criminals who are perpetrating these attacks, and it does not guarantee the safe return of your files.
- Now that you are infected, it is next to impossible to remove the virus and decrypt the affected files without the aid of third-party decryption utilities, which only work for a very limited number of these infection types and require physical device access.
- The best practice is to restore your computer to a factory state using the manufacturer's recommended settings and restore any previous backup of your files afterwards.
How did I get this infection?
Some possibilities may include:
- Visiting unsafe, suspicious, or fake websites.
- Opening emails and email attachments from unknown or unexpected senders.
- Clicking on malicious links in emails, social media, and instant messenger chats.
- Malicious ads served up by exploited websites that would otherwise be considered safe.
- Looking for paid content for free or illegal content on torrenting websites and other dark web forums.
What can I do to protect myself?
Follow these safety tips:
- If you ever question yourself – don't click it! Phishing emails and web pages typically have incorrect spellings or look out of the ordinary. Be on the lookout for incorrect spellings, white spaces, symbols, or punctuation in company names. Do not click links on a webpage, in an email, or in an instant message unless you are certain the sender and link are both safe.
- Always keep backups! Have a disaster recovery plan which includes having three copies of your data, stored on two different storage media, and one copy offsite in a secured location or stored on a secure cloud backup solution like our Online Backup solution found here.
- Don't open attachments! Filter downloaded executable files and archived files, such as EXE and ZIP packages, from email by scanning them with an anti-virus product. Also, make sure to enable Show File Extensions in Windows Explorer.
- Lock down administrative rights! Create multiple user accounts to restrict access to sensitive portions of the operating system. For instance, create an administrator account for installation tasks and security updates. Then create a limited user account for accessing the internet, running applications, and performing other daily tasks. Also, disabling the Remote Desktop Protocol in Windows can help to prevent unwanted intruders from gaining access to your computer.
- Stay up to date! Be certain to patch applications (web browsers, PDF viewers, plugins, etc.) and run Windows Updates frequently so that you have the most up-to-date security patches installed on your system. These patches help protect against known exploits that can be leveraged to get past the barriers put up by anti-virus and other security software.
- Stay informed! Be aware of the current features that are available in the security software installed on your system by reading self-help guides available on knowledge base portals such as this one.
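The three Windows settings named in the tips above (Show File Extensions, Remote Desktop, and a limited account for daily use) can be checked with a read-only PowerShell script. This is an added example, not part of the original article; the helper name `Get-RegValue` and the report layout are illustrative choices, and the account check only looks at direct membership of the local Administrators group.

```powershell
# Added example: read-only audit of three tips from this page. Changes nothing.
function Get-RegValue {            # illustrative helper name (assumption)
    param([string]$Path, [string]$Name)
    # Return $null instead of throwing when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

# Tip: enable Show File Extensions. HideFileExt = 0 means extensions are shown.
$hideExt = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' 'HideFileExt'

# Tip: disable Remote Desktop. fDenyTSConnections = 1 means RDP is refused.
$denyRdp = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'

# Tip: use a limited account for daily tasks. Check direct membership of the
# built-in Administrators group (well-known SID S-1-5-32-544) rather than the
# session token, because UAC hides admin rights in a non-elevated window.
$me     = [Security.Principal.WindowsIdentity]::GetCurrent()
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
$isAdminAccount = $false
foreach ($m in $admins) {
    if ($m.SID.Value -eq $me.User.Value) { $isAdminAccount = $true }
}
# If the group could not be read, report 'unknown' instead of a false pass.
$acctPass = if ($null -eq $admins) { 'unknown' } else { -not $isAdminAccount }

$report = @(
    [pscustomobject]@{
        Check = 'File extensions shown in Explorer'
        Pass  = ($hideExt -eq 0)
        Found = "HideFileExt=$hideExt"
    }
    [pscustomobject]@{
        Check = 'Remote Desktop disabled'
        Pass  = ($denyRdp -eq 1)
        Found = "fDenyTSConnections=$denyRdp"
    }
    [pscustomobject]@{
        Check = 'Daily-use account is not an administrator'
        Pass  = $acctPass
        Found = "User=$($me.Name)"
    }
)
$report | Format-Table -AutoSize
```

Run it from the account you use for everyday browsing and email; any row where Pass is False points at the tip to act on.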