Dealing with ransomware threat and attacks
If you have been following computer security issues, you would have surely by now heard of the term Ransomware and the chaos it is causing among computer users all over the world. Individuals, Corporates, Hospitals, Hotels, Education Institutions and so on – many have fallen prey to this form of malware. The incidence of Ransomware is on the rise, with Tescrypt, Crowti, Fakebsod, Brolo being among the most prevalent ransomware families today. Among the top affected countries are the United States, Italy, Canada, UK and Spain.
What is Ransomware?
In simple words, Ransomware is a type of malicious software or computer virus that attacks your computer, locks up your data or even your computer itself, and then demands money to allow you access to your data or computer. The money is usually demanded in Bitcoins, which is a form of Internet currency.
Security researchers say that the most common way for ransomware to get into your computer system is when you click on malicious email attachments from unknown senders, install pirated software or visit suspicious websites. It can get into your computer via drive-by-downloads or socially engineered malware, as well. Once the virus infects your computer and blocks access to your data or computer; there is little you can do, unfortunately!
Ransomware attacks – Precautions to take
We decided to talk to Windows expert Anand Khanse who runs the popular tech site TheWindowsClub.com, what he felt was the best way for home users to prevent their computers from being infected by Ransomware-
Apart from using a good security software, the only way to stay protected is to have backups of all your data. So back up your data to an external hard drive frequently. In the eventuality of your machine getting compromised, you can simply format your computer, reinstall Windows and restore your data from your backups.
Talking about prevention steps to take, he says-
Take sufficient precautions before downloading any email attachments from unknown senders, or while clicking on web links. There are several other precautions you could take, like keeping your OS & installed software up to date, disabling the Remote Desktop feature if you do not use it, and installing a good antivirus along with an anti-ransomware software.
How do you know if your PC is infected with Ransomware?
There are two types of Ransomware, says Khanse.
One called Encryption ransomware, which locks up your data and the other called Lock screen ransomware, which locks you out of your computer itself.
You know that your computer has been infected with Ransomware if you find yourself being locked out of your computer and greeted with a screen asking you to pay a ransom amount for access.
If you are able to log into your PC but find that all your data files have changed their file extensions to a single one and you are unable to open any of them, you can be sure that some ransomware has encrypted and locked all your data.
There have been reports of some ransomware even going to the extent of rendering your antivirus software ineffective and disabling critical functions like Startup Repair, System Restore, Windows Update, Windows Shadow Copies and more.
What can you do if Ransomware has infected your computer?
The first thing you want to do is to disconnect your computer from the Internet, and from a Network, if it is part of one.
If you have backups, you will have to format and reinstall Windows OS and then restore your backed up data.
If you do not have backups, you will need to identify the ransomware which has taken your PC hostage and then search and see if a decryptor tool is available for it. A traditional antivirus software may not be of much help here.
The Windows Club has compiled a list of Ransomware Decryptor Tools that can help you decrypt & recover your locked data. Download the run, read the instructions that accompany it and run the tool. It will decrypt your data and make it available to you again.
If no tool is available, then the only option left to you is to either pay the ransom or reformat your Windows. That is a decision you will have to take.
Having done this, we would urge that you contact the cybercrime cell or the local Police station in your city and state your case to them.
One word of caution for non-Windows OS users. Don't be complacent! If you think that it is only Windows computers that are affected by this form of malware, you are mistaken. Ransomware is known to infect even MBR’s, Web servers, Android and iOS devices - and now even IoT devices!
Disclaimer: The views expressed are that of the author and do not necessarily represent the views of Deccan Chronicle Holdings Ltd.