Ransomware: don't panic! Emergency steps and know-how.


LabZero

Thread author
Hey guys.

This information is primarily for basic/average users but the panic can affect all of us and ... freshening isn't bad:)

Emergency steps!

1) Switch off the computer on which the ransom alert appeared and turn off all other computers on the same network. Don't waste your time. The computer on which the alert appeared should be turned off by unplugging the power cable, brutally, without spending time, because the normal shutdown process can be blocked, and in this case it is important for risk management: that computer is probably trying to infect other computers on the network. If you don't want to multiply the problem, isolate it as fast as you can.

2) If you have a backup of the data on a hard drive connected to the network, disconnect it immediately by unplugging the cable or turning off the Wi-Fi. Many ransomware variants explore the local area network and attempt to infect and encrypt all connected devices.

3) Don't turn anything on until you have disconnected the cable connection to the local network or turned off the Wi-Fi to maintain isolation, and until an expert can check your PC. Do not delete anything from the affected computers.


How to fix

I'm sorry: if you are not experienced and provident, you can't fix it (and if you have been infected by ransomware, it's probably because you're not experienced enough and not quite provident). Keep in mind that these ransomware are written by professionals in crime: they know what they are doing.
If you have a backup copy of all your essential data, you can disinfect your PC (or restore your OS image) and restore the data from this copy. If you haven't, now you know why we recommend always having at least one!!

Should I pay?

No! Paying doesn't mean that you will get the password to unlock your data, because they are criminals, and by paying you favour this crime.
Of course it depends on the value of the data, but that is why the data must be secured.

What prevention?

The best prevention is a backup plan for all essential data, kept physically isolated from the Internet and the local network. Avoid permanently connected local-network backup solutions: they would be infected and made unusable.
Keeping your computer updated is critical! Most zero-day ransomware exploits flaws in Flash, Java, browsers and Windows. If possible, however, Flash should be removed or disabled, because it's a colander despite continuing updates.
Antivirus is not invulnerable: it will block some ransomware by signature or BB (behaviour blocker) but will not recognize those that are FUD (fully undetectable).
Supplement it with a specific anti-ransomware tool such as Malwarebytes Anti-Ransomware (BETA), Bitdefender Anti-Ransomware, etc., and an anti-exploit tool such as EMET or Malwarebytes Anti-Exploit.
Using Mac OS or Linux instead of Windows reduces the risk because most ransomware is written for Windows, but it does not mean that an Apple or Linux user can be considered immune: some ransomware are written in Java, which works on all operating systems that support Java.
It is important to be wary of attachments. Even if the sender is someone we know, if the attachment is unexpected or if the message text is not in the sender's usual style, it is best not to open attachments, even when it comes to PDF or ZIP files (always check the real file extension). Ransomware often bypasses defenses by stealing mail address books, whereby the victims receive infected mail from addresses of people they know and trust. Before opening any attachment you had better stop and think: Uhm... is there something fishy??
Visiting only trusted sites that are relevant to your work is a good precaution, but does not mean being 100% safe.

And common sense

Ransomware is always the problem of someone else until it hits us!

Stay Safe :)
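As an added example (not part of LabZero's post), the "always check the real file extension" advice turned into a small Python filter for attachment names. It goes slightly beyond the post by also flagging whitespace padding and right-to-left override characters, two tricks used to hide the real extension; the extension lists and all filenames are constructed for the example.

```python
"""Flag e-mail attachment names whose visible extension hides an executable type.
Added example, not from the original post; filenames and lists are constructed."""
import re
import unicodedata

# File types Windows will execute or script-interpret on double-click.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "ps1", "jar", "msi", "lnk"}
# Document/image types commonly used as the decoy half of a double extension.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt", "zip"}


def real_extension(name: str) -> str:
    """Return the last dot-separated part, lower-cased, after collapsing
    whitespace padding such as 'scan.pdf          .exe' -> 'scan.pdf.exe'."""
    base = re.sub(r"\s+\.", ".", name.strip().lower())
    return base.rsplit(".", 1)[1] if "." in base else ""


def classify_attachment(name: str) -> str:
    """Return 'block', 'warn' or 'ok' for an attachment filename."""
    # A bidi override makes 'invoice_<RLO>fdp.exe' render as 'invoice_exe.pdf'.
    if any(unicodedata.bidirectional(ch) in ("RLO", "LRO") for ch in name):
        return "block"
    ext = real_extension(name)
    if ext in EXECUTABLE_EXTS:
        return "block"
    parts = re.sub(r"\s+\.", ".", name.strip().lower()).split(".")
    # 'report.pdf.zip': a decoy document type sits in front of the real one.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "warn"
    return "ok"


if __name__ == "__main__":
    # Constructed sample attachment names, from harmless to disguised.
    for sample in ("photo.jpg", "report.pdf.zip", "invoice.pdf.exe",
                   "scan.pdf          .exe", "invoice_\u202efdp.exe"):
        print(f"{classify_attachment(sample):5}  {sample!r}")
```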
 

Rishi

Level 19
Dec 3, 2015
938
Very well written article; I could not emphasize enough the need to practise browsing hygiene and caution. Emails have especially been targeted, so that is a point well made. I remember a critical filename spoofing bug in Rar 4.20 which was actively exploited by hackers; similarly, vulnerabilities have been known to exist in PDF and Office docs in the past as well. The best way is to keep software updated and use Google Viewer or a sandbox for home users.
 

shukla44

Level 13
Jan 14, 2016
601
I have applied all the ransomware protection that I can think of. I have EMET 5.5 installed. I don't use Flash.

Plus, I applied this setting in Kaspersky Total Security after seeing that Kaspersky failed in a boot-time protection test against ransomware.

One thing is bothering me: there are 4 settings in Low Restricted application mode in Kaspersky. I have applied these settings:
[screenshot of the Kaspersky application restriction settings]

Are these OK? Should I block the 'read' rights too?
 

harlan4096

Moderator
Apr 28, 2015
8,635
shukla44 said:
> I have applied all the ransomware protection that I can think of. I have EMET 5.5 installed. I don't use Flash.
>
> Plus, I applied this setting in Kaspersky Total Security after seeing that Kaspersky failed in a boot-time protection test against ransomware.
>
> One thing is bothering me: there are 4 settings in Low Restricted application mode in Kaspersky. I have applied these settings:
> [screenshot of the Kaspersky application restriction settings]
>
> Are these OK? Should I block the 'read' rights too?

Sure! I have had these settings on my system for several months, but I was quite a bit more paranoid (of course :D) in applying the restrictions than that article (which is oriented toward standard users, so as not to bother them too much with prompt warnings or blocked applications).
 
