How to recognize ransomware behaviour

JM Safe

Level 39
Thread author
Verified
Top Poster
Apr 12, 2015
2,882
Hello guys,

Nowadays ransomware threats are really popular and infect a lot of PCs every day all over the world. The most efficient way to protect us from ransomware is using, for example, a good AV with BB or HIPS, or instead default-deny software. But there are also methods to understand if a ransomware is encrypting our files: look for numerous renaming operations (especially with suspicious extensions), resource hogging, or even file icons that become blank (because the files are renamed). If you encounter this type of malware: turn OFF the internet connection, and try to kill the suspicious process immediately with advanced process managers like Process Hacker. Fortunately, for most ransomware there is a decryptor (for example: Ransomware Decryption Tools Collection, thanks @BoraMurdar), but NOT FOR ALL!

Thanks guys and please write your opinion! :)
 
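The "numerous renaming operations with suspicious extensions" symptom from the opening post can be turned into a simple detector. The following is an added example written for this thread, not code from the original post or from any product mentioned in it: it takes rename events as a file-system monitor would report them (inotify, ReadDirectoryChangesW, ETW file events) and alerts when one process changes many files to an untrusted or appended extension within a short window. The event records, the extension list and the sample events are constructed for illustration and the threshold values are assumptions to tune per host.

```python
from collections import Counter, deque
from dataclasses import dataclass
from pathlib import PurePosixPath

# Extensions that ransomware families have appended to encrypted files.
# Assumed starter list for this example; extend it from your own intel.
SUSPICIOUS_EXTS = {".locked", ".encrypted", ".crypt", ".enc", ".wncry", ".locky"}


@dataclass(frozen=True)
class RenameEvent:
    """One rename as a file-system monitor would report it (simplified)."""
    ts: float   # seconds since monitoring started
    pid: int    # process that performed the rename
    src: str    # path before the rename
    dst: str    # path after the rename


def is_suspicious_rename(ev: RenameEvent) -> bool:
    """Flag renames that change a file's extension in a way ransomware tends to."""
    src, dst = PurePosixPath(ev.src), PurePosixPath(ev.dst)
    if src.parent != dst.parent:
        return False                      # a move between folders, not our symptom
    if src.suffix.lower() == dst.suffix.lower():
        return False                      # extension preserved: ordinary rename
    if dst.suffix.lower() in SUSPICIOUS_EXTS:
        return True
    # A new extension glued onto the original one (report.docx -> report.docx.xyz)
    return dst.name.startswith(src.name + ".")


def find_rename_bursts(events, window_s=5.0, threshold=20):
    """Return [(pid, count, dominant_new_ext)] for every process that performs
    `threshold` suspicious renames within any `window_s`-second sliding window.
    One alert per process; the count is the size of the window when it fired."""
    recent = {}          # pid -> deque of suspicious renames inside the window
    alerted = set()
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if not is_suspicious_rename(ev):
            continue
        q = recent.setdefault(ev.pid, deque())
        q.append(ev)
        while ev.ts - q[0].ts > window_s:   # drop events older than the window
            q.popleft()
        if len(q) >= threshold and ev.pid not in alerted:
            ext = Counter(PurePosixPath(e.dst).suffix.lower() for e in q).most_common(1)[0][0]
            alerts.append((ev.pid, len(q), ext))
            alerted.add(ev.pid)
    return alerts


def sample_events():
    """Constructed events: an editor's save routine (benign, one rename every
    few seconds) plus a process renaming 40 documents to .locked in two seconds."""
    evs = [RenameEvent(ts=i * 3.0, pid=4242,
                       src=f"/home/u/docs/~save{i}.tmp", dst=f"/home/u/docs/notes{i}.docx")
           for i in range(10)]
    evs += [RenameEvent(ts=10.0 + i * 0.05, pid=6666,
                        src=f"/home/u/docs/report{i}.docx",
                        dst=f"/home/u/docs/report{i}.docx.locked")
            for i in range(40)]
    return evs


if __name__ == "__main__":
    for pid, n, ext in find_rename_bursts(sample_events()):
        print(f"ALERT pid={pid}: {n} suspicious renames in window, new extension {ext}")
```

The alert carries the PID so the response the post describes (kill the process, cut the network) can be taken against the right target. Expect false positives from archivers, backup tools and installers that also rename many files quickly; raising the threshold or whitelisting known processes is the usual tuning, and as the later replies note, a fast encryptor may finish before any such detector fires, so this is a complement to backups and default-deny, not a replacement.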

JM Safe

Thanks for these tips, surely valid for advanced users. The average user doesn't use tools like Process Hacker, which are really very useful.
Unfortunately, some ransomware will not show visible processes, or it is impossible to kill them.
Always setting up a good backup plan is a must.
I agree with you. I think more users should use more advanced process managers rather than only the simple Windows Task Manager.
 

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,479
Before you realize what is happening, it is usually over, even if you have know-how; there are not many like the one pretending to be chkdsk. When I was testing WannaCry, it encrypted/scanned all my files within seconds; that is the advantage of testing in a real environment compared to a VM.
 

JM Safe

Before you realize what is happening, it is usually over, even if you have know-how; there are not many like the one pretending to be chkdsk. When I was testing WannaCry, it encrypted/scanned all my files within seconds; that is the advantage of testing in a real environment compared to a VM.
Unfortunately, when a ransomware starts to encrypt, it is sometimes impossible to stop it, in particular if the ransomware uses Windows routines.
 
