
How to remove ransomware that affects your business

Ransomware viruses are a threat to many businesses and individuals. This type of virus relies on encrypting important files on a computer or computer network to make them inaccessible to their owners. Its goal is to obtain a financial reward (usually in bitcoins) in exchange for making your computer operational again.

When you get infected with ransomware, what the virus does is encrypt important files so that you cannot open them. It encrypts personal files and folders (documents, spreadsheets, images, and videos). The original files are deleted once encrypted. Users usually find a text file with instructions for making the payment in the same folder as the newly inaccessible files.

History of its birth

In 1989, the AIDS Trojan (also known as “PC Cyborg”), written by Joseph Popp, became the first known ransomware. It was a Trojan that replaced AUTOEXEC.BAT, which AIDS then used to count the number of times the computer had been started. AUTOEXEC.BAT is the name of a system file that originated in the MS-DOS operating system.

By 2005, ransomware focused on extortion makes its appearance, with efforts now aimed at obtaining a financial reward. In mid-2006, worms like Gpcode, TROJ.Ransom.A, Archiveus, Krotten, Cryzip, and MayArchive begin to use more complex RSA encryption schemes, increasing the size of the keys.

In 2011, a ransomware worm appears that mimics the Windows Product Activation notice. In 2013, a ransomware worm based on the Stamp.EK exploit kit and a ransomware specific to Mac OS X enter the scene. CryptoLocker manages to raise around $5 million in the last four months of the year. In 2015, more variants appear that cause greater damage on multiple platforms.

Locking your computer

Some, but not all, types of encryption software display a ‘lock screen’.


This screen reports that important documents have been encrypted with a unique key, generated for that computer itself. The decryption key is held on an internet server, and no one can decrypt the files until you pay and get that key.

The No More Ransom project

The No More Ransom portal was launched in July 2016 by four founding partners: Europol EC3 (European Cybercrime Centre), Politie (the National High Tech Crime Unit of the Netherlands Police), Kaspersky and McAfee. The security services of most countries are among the partners of this project, as can be seen at https://www.nomoreransom.org/es/partners.html.

Law enforcement and tech companies have joined forces to try to prevent the operations of cybercriminals who make use of ransomware.

The No More Ransom portal aims to help ransomware victims recover their encrypted data without having to pay the criminals. Since it is much easier to avoid the threat than to reverse it once a system has been affected, the project also aims to educate users about how ransomware works and about the countermeasures that can effectively prevent an infection. There is strength in unity.

How to avoid a ransomware attack

There are a number of simple steps that allow you to avoid this type of attack:

  1. Make a regular backup of your important files. Having a way to recover your files after a ransomware infection is itself a form of prevention: you check those files and restore a copy from a day or a few days earlier. You can do this in several ways: copy your files to two clouds, so that you have a double safeguard. You can also copy the files to an external hard drive from time to time.
  2. Have antivirus software to protect your system. Do not disable heuristic detection, as this helps to catch ransomware samples that have not yet been formally detected.
  3. Keep your PC’s software up to date. It’s always a good idea to keep your computer’s operating system updated. This applies not only to the computer: any electronic device that receives updates should have them turned on, and if it offers automatic updates, enable them.
  4. Don’t trust anyone. Anyone’s data can be compromised, and yours along with it, so don’t trust a file even if it comes from your best friend. Don’t open suspicious files.
  5. Enable the option to display file extensions in the Windows settings menu. It is a very suitable way to discover the type of file you are opening. Beware of extensions like ‘.exe’, ‘.vbs’, and ‘.scr’. Scammers can use various extensions to disguise a malicious file as a video, photo or document.
  6. If you discover any suspicious process on your computer, immediately disconnect it from the internet and from other network connections (such as home Wi-Fi). Common sense is important to prevent an infection from spreading.
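
Step 5 can be applied and checked from PowerShell. The following is an added example, not part of the original article: it turns on extension display for the current user and lists files whose name ends in one of the extensions named above while pretending to be a document or media file. The `$decoys` list, the `Test-DisguisedName` helper, the Downloads folder and the sample names are assumptions chosen for illustration.

```powershell
# Added example, not from the original article.
# 1) Show file extensions in Explorer for the current user (HideFileExt = 0).
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $adv -Name HideFileExt -Value 0 -Type DWord

# 2) Flag names such as "holiday.jpg.exe": a risky final extension
#    placed after an extension that looks like a document or media file.
$risky  = '.exe', '.vbs', '.scr'                      # extensions named in the article
$decoys = '.pdf', '.doc', '.docx', '.xls', '.xlsx',
          '.jpg', '.png', '.mp4'                      # assumed sample list, extend as needed

function Test-DisguisedName {                         # hypothetical helper name
    param([Parameter(Mandatory)][string]$Name)
    $last  = [System.IO.Path]::GetExtension($Name).ToLowerInvariant()
    $stem  = [System.IO.Path]::GetFileNameWithoutExtension($Name)
    # TrimEnd() covers names padded with spaces before the final extension.
    $inner = [System.IO.Path]::GetExtension($stem.TrimEnd()).ToLowerInvariant()
    return ($risky -contains $last) -and ($decoys -contains $inner)
}

# Constructed sample names, so the check can be tried without touching the disk.
'holiday.jpg.exe', 'report.pdf', 'setup.exe', 'invoice.pdf   .scr' |
    ForEach-Object { '{0,-22} {1}' -f $_, (Test-DisguisedName $_) }

# Scan a real folder (assumed here: the current user's Downloads).
$folder = Join-Path $env:USERPROFILE 'Downloads'
Get-ChildItem -Path $folder -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { Test-DisguisedName $_.Name } |
    Select-Object FullName, Length, LastWriteTime
```

Explorer windows that are already open may need to be refreshed or reopened before the extensions become visible.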

Ways to Remove Ransomware Threat

The website offers a catalog of known ransomware viruses and how to get vaccinated against them. It changes continuously, since new versions of this type of virus come out very often. They mutate to adapt to the security measures that are implemented.

For example, for a famous ransomware virus called WannaCry there is a simple preventive measure: disable the SMBv1 service and install the latest Microsoft security patches. Both actions will help prevent the malware from spreading over the network. You have more information here.
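
The two measures above can be checked from an elevated PowerShell session. This is an added example, not part of the original article: it reports whether SMBv1 is still enabled, disables it only when the `$Apply` variable (a hypothetical switch introduced here) is set to `$true`, and lists the most recently installed updates so the patch level can be reviewed.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell session.
$Apply = $false   # hypothetical switch: $true disables SMBv1, $false only reports

# Server side: is this machine still accepting SMBv1 connections?
$smb1Server = (Get-SmbServerConfiguration).EnableSMB1Protocol

# Optional Windows feature that carries the SMBv1 components.
$feature   = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
$featureOn = ($null -ne $feature) -and ($feature.State -eq 'Enabled')

[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    SMB1ServerEnabled  = $smb1Server
    SMB1FeatureEnabled = $featureOn
}

if ($Apply) {
    if ($smb1Server) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($featureOn) {
        # -NoRestart: the feature removal completes at the next reboot.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    }
}

# Patch level: the five most recently installed updates.
Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn
```

Before setting `$Apply` to `$true`, confirm that no older device on the network (for example a legacy printer or NAS) still depends on SMBv1.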

Decryption Tools

The decryption tools can be found at https://www.nomoreransom.org/es/decryption-tools.html. Before downloading and installing a solution, it is very important to read the instructions. Once the virus has been removed, it is important to confirm that it is no longer on your system, because otherwise it will be reactivated. Any reliable antivirus solution should be enough for this.

You can find more information at https://avertigoland.com/2021/06/computer-virus-and-their-dangers/.
