Recovering From Ransomware

 


Ransomware is a special type of malware that is actively spreading across the internet today, threatening to destroy victims’ documents and other files. It is just one of many different types of malware, and it has become very common because it is so profitable for criminals.

Ransomware is commonly spread by emailing victims and tricking them into opening an infected attachment or clicking on a link to the attacker’s website. Once this particular type of malware infects your computer it will start encrypting your files or your entire hard drive. You are then locked out of your entire system or cannot access your important files. The malware will inform you that the only way to unlock your system to recover your files is to pay the cyber criminal a ransom to provide you with a password to decrypt your information. Most often the ransom is paid in some form of currency such as Bitcoin.

Should You Pay the Ransom?

The problem with paying the ransom is that people often pay these criminals when they are infected, which motivates the criminals to infect others. Though you may not have another option to recover your files, there is no guarantee you will get your files back. During the decryption process, you may be infected with additional malware. Decrypting after the ransom is paid doesn’t confirm the ransomware is removed from your device. Ransomware can stay dormant on your device and attack again later.

Back Up Your Files

The best way to recover from ransomware without paying the ransom is to recover your files from backups. This way even if your computer is infected with ransomware you have a way of recovering files after rebuilding or cleaning up your computer. Keep in mind that if your backup can be accessed from the infected system, ransomware might delete or encrypt your backup files. Therefore, it’s important to back up files to either a reputable cloud-based service or to store your backups on external drives that are not always connected to your system. Be sure to regularly test that you can recover the files you need should your system become infected with ransomware. Backups are important as they also help you recover when you accidentally delete files or your hard drive gives out.
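One way to run the restore test described above, as an added example that is not part of the original article: record a SHA-256 manifest when the backup is made, then compare a test restore against it so that deleted, altered or renamed files show up. The function names, the manifest file and the sample files are assumptions constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(restored_root, manifest_path):
    """Compare a test restore with the manifest recorded at backup time."""
    expected = json.loads(Path(manifest_path).read_text())
    actual = build_manifest(restored_root)
    return {
        "missing": sorted(set(expected) - set(actual)),     # deleted or renamed
        "changed": sorted(n for n in expected
                          if n in actual and actual[n] != expected[n]),
        "unexpected": sorted(set(actual) - set(expected)),  # files never backed up
    }

def demo():
    """Constructed sample: a clean source, then a restore from a damaged backup."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        source, restored = tmp / "source", tmp / "restored"
        for d in (source, restored):
            (d / "docs").mkdir(parents=True)
        (source / "docs" / "taxes.txt").write_bytes(b"2023 tax notes")
        (source / "photo.jpg").write_bytes(b"constructed image bytes")
        # Assumption: the manifest is stored apart from the backup (e.g. another drive).
        manifest_path = tmp / "manifest.json"
        manifest_path.write_text(json.dumps(build_manifest(source), indent=2))
        # Simulated bad restore: one file's contents altered, one file renamed.
        (restored / "docs" / "taxes.txt").write_bytes(b"\x8f\x02 unreadable")
        (restored / "photo.jpg.locked").write_bytes(b"\x11\x22\x33")
        return verify_restore(restored, manifest_path)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A restore passes only when "missing" and "changed" are both empty; anything under "unexpected" is worth a look before the backup is trusted.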

Further Protective Measures

  • The more current your software, the fewer known vulnerabilities your systems will have and the harder it is for cyber criminals to infect them. Therefore, make sure your operating system, applications, and devices are set to install updates automatically.
  • Use a standard account that has limited privileges rather than privileged accounts such as administrator or root. This prevents many types of malware from being able to install themselves.
  • Cyber criminals often trick people into installing their malware for them. They might send you an email that looks legitimate and contains an attachment or a link.
  • Do not click on suspicious web browser popup windows
  • Do not open files with file extensions that are likely to be associated with malware (e.g., .bat, .com, .exe, .pif, .vbs)
  • Ensure that you have malware protection installed and do not disable malware security control mechanisms (e.g., antivirus software, content filtering software, reputation software, personal firewall) and make sure that they are continuously updated
  • Do not use administrator-level accounts for regular host operation
  • Do not download or execute applications from untrusted sources

What Do You Know About Malware?


Malware, also known as malicious code and malicious software, refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or otherwise annoying or disrupting the victim. Malware has become the most significant external threat to most systems, causing widespread damage and disruption, and necessitating extensive recovery efforts within most organizations.

There are five types of malware:

  • Ransomware – Ransomware is a subcategory of malware which typically will block access to computers or data until a payment is made.
  • Trojan – A Trojan is a self-contained, non-replicating program that, while appearing harmless, actually has a hidden malicious purpose. Trojans either replace existing files with malicious versions or add new malicious files to hosts.
  • Spyware – Spyware is a type of malware used to covertly observe a user’s activity and gather information about a user without their knowledge or consent.
  • Virus – A virus self-replicates by inserting copies of itself into host programs, data files or propagating through network file sharing. Viruses are often triggered through user interaction, such as opening a file or running a program.
  • Worm – A worm is a self-replicating, self-contained program that usually executes itself without user intervention.

Signs to Look Out For:

  • Slow performance
  • Unexpected computer crashes
  • Pop-up ads (even when no browser is open)
  • Excessive hard drive activity
  • New browser homepage or toolbars
  • Unexpected Antivirus disabling
  • Lost functionality

Ways To Avoid An Attack:

  • Do not open suspicious emails or email attachments, click on hyperlinks, etc. from unknown or known senders, or visit websites that are likely to contain malicious content
  • Do not click on suspicious web browser popup windows
  • Do not open files with file extensions that are likely to be associated with malware (e.g., .bat, .com, .exe, .pif, .vbs)
  • Do not disable malware security control mechanisms (e.g., antivirus software, content filtering software, reputation software, personal firewall) and ensure that they are continuously updated
  • Do not use administrator-level accounts for regular host operation
  • Do not download or execute applications from untrusted sources

Viruses, Trojans, Worms… Oh My!


Once you recognize that the word “malware” is a combination of “malicious” and “software,” the definition speaks for itself.

Cybercriminals use malware to infect and control computers and phones, in hopes of gathering sensitive data, stealing logins and passwords, displaying unwanted advertising or stealing identities.

Follow these steps to help protect your electronics from malware:

  • Enable automatic security updates
  • Beware of phishing attacks
  • Enable automatic anti-virus scans of portable media (e.g. USB sticks) with real-time protection
  • Heed anti-virus warnings
  • Never disable anti-virus software for the sake of speed, space or website access
  • Install trusted anti-virus software on your personal computers and smartphones

You can also protect your device with Norton Security products.

Mac Flashback Virus Infects 600,000: What Can You Do?

Security has often been cited as one of the big advantages Mac computers have over their Windows counterparts.

Windows users were under constant assault from viruses, Trojans, spyware, and malware of all kinds.

Mac users remained blissfully above the fray. Most never even considered buying or even installing a free computer security program.

Until last week.


Where the Flashback Virus Has Spread

More than 600,000 Mac users were found to be infected with the Flashback Trojan, malware that exploits a Java security flaw to install itself on Macs. Most infected computers (56.6%) are in the U.S.

This isn’t the first Mac attack by any means. Just a year ago there was a fairly large attack called MacDefender.

But more people use Macs now and Flashback has gotten a lot of publicity, leading some to say it has, once and for all, ended Mac’s no-virus reputation.

Now for some comforting news for Mac users: though it’s a large infection, Flashback probably has only infected around 1% of Macs according to some estimates.

Secondly, Apple has already launched a couple of updates to identify and protect against Flashback, so if you get a Mac OS update notice, please don’t ignore it. You can also run your Mac’s Software Update at any time.

Keep in mind, however, that Apple’s Flashback security updates are only for OS X v10.7 and v10.6. Users with earlier operating systems who are concerned are encouraged by Apple to disable Java in their browser preferences. Here is more information about Flashback from Apple.

Though Apple is still working on a Flashback detection and removal tool, there are free 3rd party options available now.

Security vendor Dr.Web has a free online tool to check your system for the Flashback malware (specifically, Backdoor.Flashback.39). All you need to do is enter your Mac’s UUID (don’t worry, there are instructions on how to find it). Keep in mind, this is just a detection, not a removal tool.

Another security vendor, F-Secure, is offering a free tool that automatically detects and removes Flashback from your Mac. Download the free tool here and read the installation instructions.

If you are an EarthLink member and Mac user interested in ongoing protection for your computer, you can take advantage of these Special Offers on Norton Security software from our security partner Symantec.