LabZero
Thread author
Hey guys.
This information is primarily for basic/average users, but panic can affect all of us and ... a refresher isn't a bad thing.
Emergency steps!
1) Switch off the computer on which the ransom alert appeared and turn off all other computers on the same network. Don't waste time. The computer showing the alert should be turned off by unplugging the power cable, brutally and without delay, because the normal shutdown process can be blocked, and in this case it is important for risk management: that computer is probably trying to infect other computers on the network. If you don't want to multiply the problem, isolate it as fast as you can.
2) If you have a backup of the data on a hard drive connected to a network, disconnect it immediately by unplugging the cable or turning off the Wi-Fi. Many ransomware variants explore the local area network and attempt to infect and encrypt all connected devices.
3) Don't turn anything on until you have disconnected the cable connection to the local network or turned off the Wi-Fi to maintain isolation, and until an expert can check your PC. Do not delete anything from the affected computers.
How to fix
I'm sorry: if you are not experienced and provident, you can't fix it (and if you have been infected by ransomware, it's probably because you're not experienced enough and not quite provident). Keep in mind that this ransomware is written by professional criminals: they know what they are doing.
If you have a backup copy of all your essential data, you can disinfect your PC (or restore your OS image) and restore the data from this copy. If you haven't, now you know why we recommend always having at least one!!
Should I pay?
No! Paying doesn't mean that you will get the password to unlock your data, because they are criminals, and by paying you favor this crime.
Of course it depends on the value of the data, but that is why it must be secured.
What prevention?
The best prevention is a backup plan for all essential data, kept physically isolated from the Internet and the local network. Avoid backup solutions that are permanently connected to the local network: they would be infected and made unusable.
Keeping your computer updated is critical! Most zero-day ransomware exploits flaws in Flash, Java, browsers and Windows. If possible, however, Flash must be removed or disabled, because it's a colander despite continuing updates.
Antivirus is not invulnerable: it will block some ransomware by signature or BB but will not recognize those that are FUD.
Supplement it with a specific anti-ransomware tool such as Malwarebytes Anti-Ransomware (BETA), Bitdefender Anti-Ransomware, etc., and an anti-exploit tool such as EMET or Malwarebytes Anti-Exploit.
Using Mac OS or Linux instead of Windows reduces the risk because most ransomware is written for Windows, but it does not mean that an Apple or Linux user can be considered immune: some ransomware is written in Java, which works on all operating systems that support Java.
It is important to be wary of attachments. Even if the sender is someone we know, if the attachment is unexpected or the message text is not in the sender's usual style, it is best not to open attachments, even when it comes to PDF or ZIP files (always check the real file extension). Ransomware often bypasses defenses by stealing mail address books, whereby the victims receive infected mail from addresses of people they know and trust. Before opening any attachment you had better stop and think: Uhm... is there something fishy?
Visiting only trusted sites that are relevant to your work is a good precaution, but it does not mean being 100% safe.
And common sense
Ransomware is always the problem of someone else until it hits us!
Stay Safe
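Added example, not part of LabZero's post: one way to automate the "always check the real file extension" advice for attachment names. It goes slightly beyond the post by also flagging padding spaces and invisible formatting characters; the extension lists and function names are assumptions chosen for illustration.

```python
import unicodedata

# Assumed lists for this example; extend them for your environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "lnk", "jar", "ps1", "msi"}
DECOY_EXTS = {"pdf", "zip", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def _visible(filename):
    """Drop invisible format characters (Unicode category Cf) and the
    trailing dots/spaces that Windows ignores when resolving a name."""
    kept = "".join(c for c in filename if unicodedata.category(c) != "Cf")
    return kept.rstrip(". ")


def real_extension(filename):
    """Return the extension the OS will act on, lower-cased ('' if none)."""
    _, dot, ext = _visible(filename).rpartition(".")
    return ext.strip().lower() if dot else ""


def attachment_warnings(filename):
    """List the reasons an attachment name deserves a second look."""
    warnings = []
    if any(unicodedata.category(c) == "Cf" for c in filename):
        warnings.append("hidden formatting character in name")
    ext = real_extension(filename)
    if ext in EXECUTABLE_EXTS:
        warnings.append(f"real extension is executable: .{ext}")
    parts = [p.strip().lower() for p in _visible(filename).split(".")]
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS and ext in EXECUTABLE_EXTS:
        warnings.append(f"double extension: .{parts[-2]} hides .{ext}")
    if "  " in filename:
        warnings.append("padding spaces in name")
    return warnings


if __name__ == "__main__":
    # Constructed sample names, not taken from any real campaign.
    for name in ["report.pdf", "invoice.pdf.exe", "scan.zip      .js"]:
        print(repr(name), "->", attachment_warnings(name) or "no warnings")
```

An empty list only means the name itself is not deceptive; an unexpected attachment still deserves the caution described above.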