JM Safe

Hello guys,

Nowadays ransomware threats are really popular and infect a lot of PCs every day all over the world. The most efficient way to protect us from ransomware is using, for example, a good AV with BB or HIPS, or instead default-deny software. But there are also methods to understand if a ransomware is encrypting our files: look for numerous renaming operations (especially with suspicious extensions), resource hog, or even file icons that become blank (because they are renamed). If you encounter this type of malware: turn OFF the internet connection, and try to kill the suspicious process immediately with advanced process managers like Process Hacker. Fortunately, for most ransomware there is a decryptor (for example: Ransomware Decryption Tools Collection, thanks @BoraMurdar) (but NOT FOR ALL!).

Thanks guys and please write your opinion! :)
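
Added example, not part of the original post: a minimal Python sketch of the "numerous renaming operations with suspicious extensions" check, flagging any process that changes the extension of many files to the same new extension within a short window. The event tuple format, the thresholds, and every process name, PID and path in the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from pathlib import PureWindowsPath

WINDOW_SECONDS = 10  # assumed sliding window
THRESHOLD = 5        # assumed count of extension-changing renames that raises an alert

def ext(path):
    """Final extension of a Windows path, lower-cased ('' if none)."""
    return PureWindowsPath(path).suffix.lower()

def find_rename_bursts(events, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """events: (ts_seconds, pid, image, old_path, new_path), sorted by time.
    Returns {pid: (image, new_extension, alert_ts)} for every process that renamed
    at least `threshold` files to the same new extension within `window` seconds."""
    recent = defaultdict(deque)  # (pid, new_ext) -> timestamps inside the window
    alerts = {}
    for ts, pid, image, old, new in events:
        new_ext = ext(new)
        if new_ext == ext(old) or pid in alerts:
            continue  # extension unchanged, or process already flagged
        stamps = recent[(pid, new_ext)]
        stamps.append(ts)
        while ts - stamps[0] > window:
            stamps.popleft()
        if len(stamps) >= threshold:
            alerts[pid] = (image, new_ext, ts)
    return alerts

# Constructed sample events; process names, PIDs and paths are made up.
SAMPLE_EVENTS = sorted(
    # six documents get a new extension appended within three seconds
    [(100.0 + i * 0.5, 4120, "invoice_viewer.exe",
      rf"C:\Users\a\Documents\file{i}.docx",
      rf"C:\Users\a\Documents\file{i}.docx.locked") for i in range(6)]
    # ordinary user renames: one extension change, one name-only change
    + [(101.0, 1500, "explorer.exe", r"C:\Users\a\notes.txt", r"C:\Users\a\notes.md"),
       (102.0, 1500, "explorer.exe", r"C:\Users\a\report.doc", r"C:\Users\a\report_final.doc")]
    # slow, periodic renames by a backup job: never five inside one window
    + [(100.0 + i * 60, 2210, "backup_tool.exe",
        rf"D:\bk\set{i}.tmp", rf"D:\bk\set{i}.bak") for i in range(6)],
    key=lambda e: e[0],
)

if __name__ == "__main__":
    for pid, (image, new_ext, ts) in find_rename_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT pid={pid} image={image} ext={new_ext} at t={ts}")
```

Only the burst from the first process crosses the threshold; the single user rename and the slow backup renames stay below it, which is the false-positive case a rename-rate check has to tolerate.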

stepseven84

Thanks for these tips, surely valid for advanced users. The average user doesn't use tools like Process Hacker, really very useful.
Unfortunately, some ransomware will not show visible processes or it is impossible to kill them.
Always setting up a good backup plan is a must.

JM Safe

> Thanks for these tips, surely valid for advanced users. The average user doesn't use tools like Process Hacker, really very useful.
> Unfortunately, some ransomware will not show visible processes or it is impossible to kill them.
> Always setting up a good backup plan is a must.

I agree with you. I think more users should use more advanced process managers than only the simple Windows task manager.

TairikuOkami

Before you realize what is happening, it is usually over, even if you have know-how; there are not many like the one pretending to be chkdsk. When I was testing WannaCry, it encrypted/scanned all my files within seconds; that is the advantage of testing in a real environment compared to a VM.

JM Safe

> Before you realize what is happening, it is usually over, even if you have know-how; there are not many like the one pretending to be chkdsk. When I was testing WannaCry, it encrypted/scanned all my files within seconds; that is the advantage of testing in a real environment compared to a VM.

Unfortunately, when ransomware starts to encrypt, it is sometimes impossible to stop it, in particular if the ransomware uses Windows routines.