Ransomware is one of the most damaging types of malware out there. Unlike with other types of malware, the consequences of the attack are not undone by removing the infection: any files that the ransomware has encrypted remain unusable.
However, if you have been infected by one of these viruses, not all is lost. Some ransomware makers have decided to stop practicing cybercrime and have publicly released their decryption keys. Among them is the previously uncrackable TeslaCrypt.
However, you don't have to rely on ransomware authors to release their master keys when they feel like it. As the cybersecurity industry becomes more familiar with this type of malware, antivirus manufacturers get better at detecting various ransomware signature patterns, which allows them to release decryption tools for their customers. This is mainly due to various weaknesses in the encryption algorithms used by ransomware.
Therefore, if you have been unfortunate enough to suffer a ransomware attack and have your files encrypted, there could be a way out without paying the ransom. Just find out what you have been infected by and see if a solution exists for your type of infection. If this isn't obvious, entering symptoms or text snippets from the ransom message into Google would be a good start.
Having said that, there are several ransomware types out there that haven't been cracked yet. If your machine has been infected by one of those, there are only two options: wait for the fix to be available (which may never happen) or pay the ransom. Therefore, the best cure is prevention.
These are the best steps you can follow to prevent ransomware infection or to significantly minimise the damage if it does occur:
1) By far the best method of protecting against ransomware is to assume that any potential user of a particular computer, or of any other computer in the network, may be susceptible to the social engineering used by cybercriminals. Therefore, back up the most important documents to non-network external storage on a regular basis. Network drives and any storage drives that happen to be connected to an infected machine will also have their files encrypted, so ensure that the backup drive is physically disconnected once the backup process is complete.
2) Read about the best cybersecurity practices and spread the knowledge within your organisation. Don't click on links or open any attachments in unsolicited emails. Carefully check the URL of any web form before entering login credentials on it. Don't navigate to any sites you don't trust. Don't download any software unless you definitely need it and can verify that the download comes from a trustworthy web page.
3) Keep a copy of your most important documents and change the file extensions to either something random or something that would make the files look like executables (e.g. .dll, .exe, etc.). Ransomware looks for files with specific file extensions, as it is in the best interest of ransomware authors to keep your system fully operational. Most ransomware targets documents (e.g. .docx and .pdf), media files (e.g. .mp3 and .avi) and various files used by professionals (e.g. .cs and .html). Therefore, any operating system components or files with random extensions are likely to remain intact after an attack.
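The following Python script is an added example, not part of the original article, showing one way to carry out step 3: it copies files with the extensions listed above into a backup folder under random names and extensions, and writes a manifest so the original names can be restored. The function names, the `manifest.dat` file name and the extension set are assumptions made for this example.

```python
import hashlib
import json
import secrets
import shutil
from pathlib import Path

# Extensions the article names as typical ransomware targets (step 3).
TARGETED = {".docx", ".pdf", ".mp3", ".avi", ".cs", ".html"}
MANIFEST = "manifest.dat"  # assumed name; holds the mapping needed to restore


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def disguise_copy(src_dir: Path, dst_dir: Path) -> dict:
    """Copy targeted documents into dst_dir under random names and extensions."""
    dst_dir.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for src in sorted(src_dir.rglob("*")):
        if src.is_file() and src.suffix.lower() in TARGETED:
            # Random stem and extension, so the name reveals nothing about the type.
            name = f"{secrets.token_hex(8)}.{secrets.token_hex(2)}"
            shutil.copy2(src, dst_dir / name)
            manifest[name] = {
                "original": src.relative_to(src_dir).as_posix(),
                "sha256": sha256(dst_dir / name),
            }
    (dst_dir / MANIFEST).write_text(json.dumps(manifest, indent=2))
    return manifest


def restore(dst_dir: Path, out_dir: Path) -> list:
    """Rebuild original names from the manifest; skip copies whose hash changed."""
    manifest = json.loads((dst_dir / MANIFEST).read_text())
    restored = []
    for name, entry in manifest.items():
        copy = dst_dir / name
        if not copy.is_file() or sha256(copy) != entry["sha256"]:
            continue  # missing or modified (possibly encrypted) copy: skip it
        target = out_dir / entry["original"]
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(copy, target)
        restored.append(entry["original"])
    return sorted(restored)
```

Keep the backup folder on the disconnected drive from step 1, since the manifest is the only record of the original file names. `restore` skips any copy whose SHA-256 hash no longer matches the manifest.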
For more information, follow this link:
Published by Mobile Tech Tracker
Posted on 31 Oct 2016