Once installed, ransomware encrypts the important data on your computer or network without asking for your permission and then blackmails you: you must pay to have the data decrypted before you can access it again. A window or notification that cannot be closed is displayed on the screen, showing a countdown clock that gives you the time left to pay the money to safeguard your data. If you ignore it, your data might be deleted or never be restored.
Your data is safe as long as you have control over the encryption and decryption procedures. How could it be safe if it is encrypted by some unknown person, leaving you no way to decrypt it unless you pay money in return?
Ransomware takes different forms. It does not arrive on your computer the way an ordinary software program does.
Via Emails – Hackers try to deliver the program as an email attachment with a different file extension, which is triggered once the file is downloaded and opened.
Via Security Loopholes – Hackers hunt for security loopholes through which to inject virus programs into our computers. That’s why software vendors advise users to regularly update their software with new patches and upgrades.
Via Freeware – Freeware is one of the major virus transmission media. Hackers consider freeware a potential method to spread viruses and take control of users’ computers. Not all freeware programs are virus-prone, but be careful about the source you download them from.
Via Cracked Version Software/Game – Only 30% of computer users buy software genuinely. All the others just download it from the internet. For most people a computer means only the hardware, but software is what costs 10 times more than an average computer.
A cracked version of a software program or game might give you full access, but it also brings many security risks along with it. Remember that your anti-virus and firewall programs are not invincible enough to block every attack and data slip.
How to know if my computer is infected?
Ransomware is not stealth-ware. It acts either right away when it enters the computer or after some time, like the ‘mod’ ransomware of Minecraft. Either way, you will see a window or unmistakable notification with a countdown timer. So it is better not to go searching for it and delete other files by mistake on suspicion.
You will be given instructions on how to pay the hacker to decrypt the files, and they will be shown to you in time.
My Computer is infected. What to do now?
Before you scream it out, ask yourself the following questions:
- Do I have any important data on the computer?
- Is my important data still accessible?
- Do I have a backup of the data? If yes, to what extent?
The answers to the above three questions should settle your tension about this kind of virus. Ransomware generally uses RSA 2048 encryption to encrypt the files on the victim’s computer. An average desktop computer would take 6.7 quadrillion years to crack a 2048-bit RSA key if run without ever being turned off.
Neither you nor the ransomware’s countdown timer can wait until you develop a crack for the encryption and build a super PC. So your options are limited:
- Wipe all the data on your hard disk and make it new again
- Save the unaffected data to another safe drive (preferably a cloud drive such as Google Drive, OneDrive and so on)
- Restore the latest backup
Before you take any further step, take the following actions to keep the ransomware from spreading or re-infecting.
Action #1: Disconnect from network
Disconnect the infected computer from the network to avoid further spreading or damage to data on the other computers on the network. Ransomware can easily spread through shared files, folders, networks and USB thumb drives.
Cloud storage drives may be able to restore the data, as they maintain better security measures for storing the data of millions of users. For better recovery results, disconnect even if the computer is not on any network and is only connected to the internet through a modem.
Action #2: Calculate the scope of recovery
Some files may not be affected because of the security programs you use to lock or encrypt them. Check which files you can still access and move them to cloud drives or another safe drive as a precaution.
Some ransomware lists the encrypted files in the registry. This may help you separate the affected files and programs from the unaffected ones. Search the internet to learn more about the ransomware that is installed on your computer.
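One way to carry out the check in Action #2, as an added example that is not part of the original article: a read-only Python triage that marks a file as suspect when its header no longer matches its extension or, for other extensions, when its content is near-random. The signature table, the 7.5 bits-per-byte cut-off and the sample file names (including the `.locked` extension) are assumptions chosen for illustration.

```python
import math, os, tempfile
from collections import Counter

# Well-known leading signatures ("magic bytes") for a few common formats.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}
ENTROPY_LIMIT = 7.5  # bits per byte; assumed cut-off, encrypted data sits near 8.0

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def classify(path: str, sample_size: int = 65536) -> str:
    """Return 'intact', 'suspect' or 'unreadable' for one file (read-only)."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(sample_size)
    except OSError:
        return "unreadable"
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is not None:
        # Known format: the header must still match the extension.
        return "intact" if head.startswith(magic) else "suspect"
    # Unknown or renamed extension: fall back to the entropy of the sample.
    return "suspect" if shannon_entropy(head) > ENTROPY_LIMIT else "intact"

def triage(root: str) -> dict:
    """Walk root and group relative file paths by classification."""
    report = {"intact": [], "suspect": [], "unreadable": []}
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(folder, name)
            report[classify(full)].append(os.path.relpath(full, root))
    return report

def demo() -> dict:
    """Run triage over constructed sample files in a temporary folder."""
    scrambled = bytes(range(256)) * 16  # constructed stand-in for encrypted content
    samples = {"report.pdf": b"%PDF-1.7\n" + b"x" * 100, "invoice.pdf": scrambled,
               "notes.txt": b"meeting at ten\n" * 50, "photo.jpg.locked": scrambled}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

Compressed formats that are not in the signature table (video, archives) also score close to 8 bits per byte, so treat "suspect" as a list to review by hand before deciding what to copy to a safe drive.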
Action #3: Check for security holes on your network
In general, ransomware does not spread over the network like other malware programs. It only encrypts the files it has direct access to. If you see the ransomware spreading through the network to any or all other computers, it means your network has security loopholes. Take care of those first.
Wrapping up with a solution
The best solution for a ransomware infection is restoring the backup. It is the ideal solution and gives a better result than trying out third-party decryption software. If yours is an organization or a company, backup is an essential security mechanism that you should afford at any cost.
Restore as many files from backup as possible. If you have not taken any backups, you may have to lose some money or the data itself. If you have no important data on the computer, wipe it completely (not formatting). Wiping the data erases the file table on the drives and leaves the hard disk as clean as it was when bought.
Once the data is restored or recollected, take precautions for the next time. Use the best security programs and take regular backups to other secured computers or the cloud. If you are a company, train the employees. Research and make a list of ransomware programs and block them right at the firewall. Keep the anti-virus, anti-malware and anti-spam software updated with the latest definitions, and never use patched security software.
To seek help with protecting your data from encryption, or with solutions after an infection, please reply to this email. (Please avoid calling the toll-free number, to minimize response time and reduce blockage on the call volume.)