Ransomware attacks are on the rise. Ransomware infects your computer's files and locks them; the cyberattacker then demands a ransom to unlock what the malicious code they've installed has locked (a.k.a. data abduction). It can also launch a "lockscreen attack" that will change login credentials. A pop-up message will notify you that you've been attacked and give instructions you must follow to decrypt your files. The message will also tell you how to make payment in virtual currency, which helps protect the attackers' identities.
How Ransomware Affects Your Files
Stellar says there are many ways in which a ransomware attack can spread, including:
- Infected software applications or external data storage devices
- Compromised websites
Different Types of Ransomware
Some of the most common types of ransomware include:
- CryptoLocker: Encrypts files with a specific extension and unmapped network drives
- CryptoWall: Distributed via spam; once opened, it's copied into your folders, encrypting them
- CTB-Locker: Encrypts files with ECC
- TeslaCrypt and Locky: A phishing attempt that can encrypt many types of files
- TorrentLocker: Another phishing attempt, this time using the AES encryption algorithm
- WannaCry: This is the most damaging, encrypting data and demanding a Bitcoin ransom in the '!Please Read Me!.txt' file.
What to do When you Have a Ransomware Attack
Although an attack is scary, there are some things you can do to help yourself once you’ve been attacked. These include:
- Don’t pay the ransom! Doing so won’t guarantee that your files will be unlocked or decrypted.
- Only downloading software apps from trusted sources
- Running “Windows Update”
- Making sure to use the latest version of anti-virus
- Scanning your computer regularly for anything malicious – set up auto scan so you don’t forget
- Backing up your system’s important information
- Ignoring any pop-ups requesting a ransom
- Being alert to phishing emails
- Installing a ransomware decrypt tool
- Updating security patches
- Running yearly tests against your network’s security
Files infected with the WannaCry ransomware will be the most difficult to recover because they've been overwritten with general information and deleted. WannaCry works by copying your original file, encrypting the copy, and then deleting the original.
A great option is the Stellar Windows Data Recovery tool. This will effectively eliminate any potential risk you may face and successfully recover most of your infected data – including any of your original files that were encrypted by WannaCry. This will also help you to:
- Recover your files (including multimedia) and documents simply by connecting your hard drive to the system externally. You can even preview files before recovering them. This is great because it means you can save a lot of time by discarding unimportant ones.
- Restore any emails and their content (e.g. dates, attachments, entries, contacts, files, folders) that are saved in your database.
- Since your data has been encrypted, it’ll be difficult for you to use the standard scanning processes to scan for it. However, with the Advanced Scan and RAW Recovery features, you’ll be able to easily search for your files so that you can then recover them.
Train Your Employees About Security
Ransomware can get into your network in various ways, but phishing attacks are by far the most popular. Employees will unknowingly click on a link or open the wrong attachment, giving ransomware a foothold from which to rapidly spread across your network. This is why CSO says it's so important to make sure all your employees are properly trained when it comes to security.
Update, Patch, and Configure Things Properly
Good endpoint security hygiene is critical. Cybercriminals actively search for vulnerabilities and misconfigurations to exploit so they can gain access to your network. You don't want to make this easy for them, so regularly update your devices and systems with the latest security patches. Never use default configurations and always disable unused features.
Continually Assess Your Vulnerability
Cybercriminals are looking for easy ways to conduct their activities, which is why they'll actively exploit any known vulnerabilities in popular software. Make sure your security system always has the latest updates.
Implement Ways of Detecting Intrusions
Create a system that recognizes the signs of a ransomware attack, which include:
- Communicating with bad actors
- Sending data via covert channels
- Disabling firewalls and antivirus software
- Making suspicious updates to policies
- Conducting unscheduled scans
- Failing to update the system
When these signs are spotted in time, you can quarantine an infected system before it spreads the malware.
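The signs listed above can be turned into simple triage rules. The following is an added example, not part of the original article: it assumes a hypothetical key=value endpoint log format, a constructed blocklist entry and assumed thresholds, and it marks a host for quarantine once it shows two or more distinct signs.

```python
from collections import defaultdict

# Constructed sample events in a hypothetical key=value endpoint log format.
SAMPLE_LOG = """\
2024-05-01T09:00:01 host=ws-014 event=net_connect dst=203.0.113.45 port=443
2024-05-01T09:00:07 host=ws-014 event=service_stop service=antivirus user=SYSTEM
2024-05-01T09:00:09 host=ws-014 event=dns_query name=a9f3c1e7b2d84f6690ab12cd34ef56a7b8c9d0e1f2a3b4c5.example.net
2024-05-01T09:01:30 host=ws-022 event=scan scheduled=false target=10.0.0.0/24
2024-05-01T09:02:00 host=ws-031 event=update_check status=failed
2024-05-01T09:03:12 host=ws-031 event=net_connect dst=198.51.100.10 port=443
2024-05-01T09:04:40 host=ws-014 event=policy_change policy=firewall approved=false
"""

BLOCKLIST = {"203.0.113.45"}  # constructed threat-intel entry (documentation range)
MAX_DNS_LABEL = 40            # assumed threshold for tunnelling-like DNS labels
QUARANTINE_AT = 2             # assumed: distinct signs seen before isolating a host

def classify(ev):
    """Map one parsed event to one of the article's warning signs, or None."""
    kind = ev.get("event")
    if kind == "net_connect" and ev.get("dst") in BLOCKLIST:
        return "communicating with bad actors"
    if kind == "dns_query" and len(ev.get("name", "").split(".")[0]) > MAX_DNS_LABEL:
        return "possible covert channel"
    if kind == "service_stop" and ev.get("service") in {"firewall", "antivirus"}:
        return "security control disabled"
    if kind == "policy_change" and ev.get("approved") == "false":
        return "suspicious policy update"
    if kind == "scan" and ev.get("scheduled") == "false":
        return "unscheduled scan"
    if kind == "update_check" and ev.get("status") == "failed":
        return "failed system update"
    return None

def triage(log_text):
    """Return {host: sorted distinct signs} for every host showing a sign."""
    signs = defaultdict(set)
    for line in log_text.splitlines():
        # First token is the timestamp; the rest are key=value pairs.
        fields = dict(t.split("=", 1) for t in line.split()[1:] if "=" in t)
        sign = classify(fields)
        if sign and "host" in fields:
            signs[fields["host"]].add(sign)
    return {host: sorted(s) for host, s in signs.items()}

def hosts_to_quarantine(log_text):
    """Hosts with enough distinct signs to isolate before the malware spreads."""
    return sorted(h for h, s in triage(log_text).items() if len(s) >= QUARANTINE_AT)

if __name__ == "__main__":
    print(hosts_to_quarantine(SAMPLE_LOG))
```

Counting distinct signs per host, rather than raw events, keeps a single noisy event such as one failed update from isolating a machine on its own.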
Continually Improve Your Threat Intelligence
Real-time monitoring will give you a clear picture of your security. Unfortunately, a monitoring tool is only as good as the information it’s given. This is why you need the latest threat intelligence information – so you can quickly catch an attack and prevent it from spreading. Your security software also needs to be armed with up-to-date information. This is why AI and machine learning are now being used as a second set of eyes.