Quick Tips to Prevent Ransomware (and what to do if you get hit)

Over the last two years there has been a growing number of Ransomware attacks happening all over the world. We should learn of the dangers and how to avoid getting affected by it.

A quick definition of Ransomware is that it is a form of malicious code deployed by attackers to vulnerable workstations or servers. The intention is to encrypt your files and prevent you from opening them unless a ransom is paid. There are also cases which involve locking you out of the computer entirely.

The only way to decrypt or make your files usable again is to pay the attacker thru the form of Cryptocurrency such as Bitcoins. We do not advise paying the attackers as there is no guarantee that they will decrypt the files and worse, this will help fund the criminal organizations continued attacks on others.

Quick tips to avoid Ransomware:

• Never open suspicious email attachments or links inside – The most common exploit.
• Disable Macros in Microsoft Office.
• Use a Virtual Private Network (VPN) when remoting in to your work computer.
• Install an Antivirus with real-time protection and regularly update the definitions.
• Regularly apply Operating System and security updates to your computer.
• Do not visit suspicious websites. Websites with gambling, adult material, and free online gaming sites are risky.
• Be cautious when downloading files from Torrent sites.
• Refrain from installing illegal or pirated software. They could be modified to include malicious code or Malware disguised as key generators.
• Maintain a regular backup your important files. Make sure to do a test restore from backups.

How can you tell if you have Ransomware?

You won’t be able to open the files you work with. This includes Documents, Photos, Spreadsheets, PDF’s, etc. It is easily noticeable, however there are cases where the user is unaware of the situation.

There is also a ransom popup telling you how to pay in Bitcoins.

The file extension will change from .docx or .xlsx to something different like “.LOCKY” or weird random characters.

What should you do?

• Disconnect the PC from the network immediately. Unplug the network cable or disconnect from Wi-Fi.
• Immediately contact Clear Concepts at 1-866-943-4777.

Ransomware Removal Suggestions

Here are some steps you could try to remove it from your computer. I recommend doing them in order and please proceed only if you are technically aware of what you are doing. If unsure, shutdown the computer and seek professional help as you may cause further damage to your system.

1. Download and Run RKill. This will stop the ransomware services running in the background.
2. Download and install Malwarebytes. The free home version does the job well.
3. Run a Threat Scan using Malwarebytes. Clean the threats found. Repeat this until it returns no infections.
4. Download and Run ADWCleaner.

Keep running the tests until it tags your system as clean.

There are free tools that can be found on the Internet to decrypt your files. However not all Ransomware can be decrypted, especially the recently released ones.

If the threats are still present, it is best to contact your IT solutions provider for further assistance.

Help Restoring from Backup

Assuming you successfully removed the Ransomware, it is now time to restore from your backups.

Launch the backup software and follow the documented restore process.

Two options:

• Overwrite the encrypted files using your backup copy.
• Move the encrypted files somewhere isolated and restore your backup. You can do this if your backups are outdated and you are hoping for a free decrypting tool in the future.

Ensure that the system is clean before plugging it back into the network.

Now that the system is clean, make sure all encrypted files are removed or relocated to a different location. This is done to avoid confusion and to assess how much data was affected and if the restore was 100% successful.

Ransomware can be avoided. If unsure of the links or attachments you need to open, ask for assistance. If already infected, call Clear Concepts immediately. The impact can be minimized if it is detected as soon as it hits the first system.

Clear Concepts has a wide range of tools and services available to help prevent ransomware. Feel free to contact me for advice.