
Overview of Ransomware




What’s Ransomware & how does Ransomware work:

Ransomware is a type of malware that blocks access to data or locks a system until a sum of money is paid. Many variants encrypt the files on the affected system, making them inaccessible, and then demand a ransom payment to restore access.

How does Ransomware infect a computer?

Ransomware is mostly spread through phishing emails that contain malicious attachments, through downloaded plugins, or through drive-by downloads, in which a user unknowingly visits an infected website and malware is downloaded from that site and installed without the user's knowledge. Most crackers use this method to take data from the victim. Also avoid open Wi-Fi connections.

How does Ransomware spread?

Ransomware spreads over the network to your system. Nowadays no one targets a single victim: if the infected system is connected to other systems or to a network, everything connected to it will also be affected.

Ransomware’s Extensions:

Ransomware appends an extension to the files it encrypts, and these extensions can be used to identify an affected system. Some of the known extensions are as follows.
.ecc, .ezz, .exx, .zzz, .xyz, .aaa, .abc, .ccc, .vvv, .xxx, .ttt, .micro, .encrypted, .locked, .crypto, _crypt, .crinf, .r5a, .XRNT, .XTBL, .crypt, .R16M01D05, .pzdc, .good, .LOL!, .OMG!, .RDM, .RRK, .encryptedRSA, .crjoker, .EnCiPhErEd, .LeChiffre, .keybtc@inbox_com, .0x0, .bleep, .1999, .vault, .HA3, .toxcrypt, .magic, .SUPERCRYPT, .CTBL, .CTB2, .locky or 6-7 length extension consisting of random characters.

Some known ransom note file names are as follows.

HELP_DECRYPT.TXT, HELP_YOUR_FILES.TXT, HELP_TO_DECRYPT_YOUR_FILES.txt, RECOVERY_KEY.txt, HELP_RESTORE_FILES.txt, HELP_RECOVER_FILES.txt, HELP_TO_SAVE_FILES.txt, DecryptAllFiles.txt, DECRYPT_INSTRUCTIONS.TXT, INSTRUCCIONES_DESCIFRADO.TXT, How_To_Recover_Files.txt, YOUR_FILES.HTML, YOUR_FILES.url, encryptor_raas_readme_liesmich.txt, Help_Decrypt.txt, DECRYPT_INSTRUCTION.TXT, HOW_TO_DECRYPT_FILES.TXT, ReadDecryptFilesHere.txt, Coin.Locker.txt, secret_code.txt, About_Files.txt, Read.txt, ReadMe.txt, DECRYPT_ReadMe.TXT, DecryptAllFiles.txt, FILESAREGONE.TXT, IAMREADYTOPAY.TXT, HELLOTHERE.TXT, READTHISNOW!!!.TXT, SECRETIDHERE.KEY, IHAVEYOURSECRET.KEY, SECRET.KEY, HELP_DECYPRT_YOUR_FILES.HTML, help_decrypt_your_files.html, HELP_TO_SAVE_FILES.txt, RECOVERY_FILES.txt, RECOVERY_FILE.TXT, RECOVERY_FILE_[random].txt, Howto_RESTORE_FILES_.txt, Howto_Restore_FILES.txt, howto_recover_file_.txt, restore_files_.txt, how_recover+[random].txt, how_recover.txt, recovery_file_[random].txt, recover_file_[random].txt, recovery_file_[random].txt, Howto_Restore_FILES.TXT, help_recover_instructions+[random].txt, _Locky_recover_instructions.txt

Note: [random] represents random characters that some ransom note names may include.
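
The lists above can be turned into a simple triage check. The following PowerShell is an added example, not part of the original article: it walks a folder and reports files whose extension or name matches a subset of the indicators listed above, treating [random] as a wildcard. The function name Find-RansomwareIndicator and the sample file names are hypothetical.

```powershell
# Added example: flag files whose names match indicators listed on this page.
# Only distinctive entries are used; generic ones (ReadMe.txt, .xyz, .good)
# would match many legitimate files.
function Find-RansomwareIndicator {
    param([Parameter(Mandatory)] [string] $Path)
    # Subset of the appended extensions listed above, compared case-insensitively.
    $extensions = [System.Collections.Generic.HashSet[string]]::new(
        [string[]]@('.ecc', '.ezz', '.exx', '.micro', '.encrypted', '.locked',
                    '.crypt', '.vault', '.locky', '.XTBL', '.CTBL'),
        [System.StringComparer]::OrdinalIgnoreCase)
    # Subset of the note names listed above; [random] becomes ".*".
    $notePatterns = @(
        '^HELP_DECRYPT\.TXT$', '^DECRYPT_INSTRUCTIONS?\.TXT$',
        '^HOW_TO_DECRYPT_FILES\.TXT$', '^_Locky_recover_instructions\.txt$',
        '^RECOVERY_FILE_.*\.txt$', '^how_recover\+.*\.txt$',
        '^help_recover_instructions\+.*\.txt$'
    )
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $reason = $null
            if ($extensions.Contains($_.Extension)) {
                $reason = "extension $($_.Extension)"
            } else {
                foreach ($p in $notePatterns) {
                    # -match is case-insensitive by default
                    if ($_.Name -match $p) { $reason = 'ransom note name'; break }
                }
            }
            if ($reason) {
                [pscustomobject]@{
                    Path = $_.FullName; Reason = $reason; LastWrite = $_.LastWriteTime
                }
            }
        }
}

# Constructed sample tree (hypothetical file names) so the example runs offline.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'indicator-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
'report.docx.locky', 'HELP_DECRYPT.TXT', 'recovery_file_abcde.txt', 'notes.txt' |
    ForEach-Object { New-Item -ItemType File -Path (Join-Path $demo $_) -Force | Out-Null }
Find-RansomwareIndicator -Path $demo | Sort-Object Path | Format-Table -AutoSize
```

On the sample tree this reports the first three files and skips notes.txt. It does not cover the "6-7 length extension consisting of random characters" case, which cannot be matched by name alone.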

How to respond to Ransomware attacks?

The extensions listed above are some of the known / identified encrypted-file extensions that indicate a system has been affected by ransomware.
1.      Isolate your computer from the network
2.      Never pay the ransom
3.      Run a scan using Internet security software
4.      Use ransomware decryptors to decrypt the files.
To decrypt some of the known encrypted extensions, Kaspersky has released decryptors.
Please check this link to get the decryptors: click here.
The right decryptor depends on the encrypted extension.
In recent days, all security software companies have started investing in rescuing victims of ransomware attacks.
5.      Microsoft provides a built-in option to protect important data from ransomware attacks.
Just follow these steps to enable the protection against Ransomware:
a.      Click on start menu
b.      Type Windows Security, or navigate to it through Settings → Update & Security → Windows Security.
c.      After opening Windows Security, click on Virus & Threat Protection option.
d.      Scroll down and locate Ransomware Protection and click on the Manage ransomware protection option.
e.      On the next page, you will find a brief description of Controlled folder access and a toggle to enable it.
f.       To enable Ransomware Protection, turn on Controlled Folder Access and log in to OneDrive so that both features are enabled.
g.      You can now configure Controlled Folder Access and choose any folder you want to monitor and block from malicious programs.
6.      Restore files from the backups.
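
The Controlled Folder Access setting from step 5 can also be applied from an elevated PowerShell session with the Windows Defender cmdlets. This is an added example, not part of the original article; the folder and application paths are placeholders, and it starts in audit mode so that legitimate programs can be identified before blocking is turned on.

```powershell
# Added example: PowerShell equivalent of steps a-g (run as administrator).
# Both paths below are placeholders, not values from the article.
$protectedFolder = 'D:\Projects'                 # placeholder
$allowedApp      = 'C:\Tools\backup-agent.exe'   # placeholder

# 1. Start in audit mode: writes to protected folders are logged, not blocked.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect an additional folder (Documents, Pictures and similar user
#    folders are protected by default).
Add-MpPreference -ControlledFolderAccessProtectedFolders $protectedFolder

# 3. Review what would have been blocked.
#    Event ID 1124 = audited access, 1123 = blocked access.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# 4. Allow a trusted program that appeared in the audit events.
Add-MpPreference -ControlledFolderAccessAllowedApplications $allowedApp

# 5. Switch to enforcement and confirm the result.
#    EnableControlledFolderAccess reads back as 1 = Enabled, 2 = AuditMode.
Set-MpPreference -EnableControlledFolderAccess Enabled
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders, ControlledFolderAccessAllowedApplications
```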

Ransomware Prevention:

1.      Never click on unverified links.
2.      Do not open untrusted email attachments.
3.      Only download from sites you trust.
4.      Avoid giving out personal data.
5.      Use mail server content scanning and filtering.
6.      Never use unfamiliar USBs.
7.      Keep your software and OS updated.
8.      Beware of public Wi-Fi connections.
9.      Use security software (anti-virus) and keep it updated.
10.   Back up your data periodically to a trusted device or cloud service.


