Solving IT problems and building solutions

  • Saturday, January 16, 2016

    How to decrypt encrypted files infected by known encrypting ransomware viruses


    You've heard of ransomware, you know that it renames and encrypts your files, but do you know what it can actually do to your computer? Ransom malware such as CryptoWall, CryptoLocker or CTB Locker shows no sign of abating, and the more you know about what it can do, the more likely you are to protect yourself from the threat. And that can only be a good thing!

    Ransomware is just about one of the worst things you can have installed on your PC. Malware authors use it for a number of reasons. The main reason, of course, is to encrypt your files and then demand a ransom, which could be $500 or even more. Some users said they had to pay thousands of dollars in order to get their files back. Cyber crooks attack companies as well and usually demand large sums of money. Very often, ransomware comes bundled with Trojan horses. Trojans might steal your personal information, passwords and bank details by installing a keylogging component on your machine. They are also able to steal data directly from your hard drive or by diverting data before it has reached your server. Other Trojans are created so the programmer can take control of your computer, turning it into a sort of clone, or zombie machine, which they then use to carry out further malicious or illegal actions against other computer users. Such sophisticated malware not only encrypts your files but can also steal your personal information.

    Here's an example: Excel files renamed and encrypted by CTB Locker ransomware, which in this case appended the random extension .mmvkhja. Underneath, these are still ordinary Excel files; they have simply been encrypted so that you can't open them.

    Please note that different ransom Trojans (and even different infections of the same family) use various extensions, so don't expect to see this particular one.
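    Because the appended extension is random and varies per infection, the quickest way to find out which files were hit is to look for what the encryption leaves behind: an extension that nothing on the machine normally produces, and file contents with near-maximal byte entropy. The script below is an added example (not part of the original post, not a tool from any vendor named here) that walks a folder tree and reports files showing both signs, then groups them by extension so the ransomware's extension stands out. It assumes PowerShell 3 or later; the starting folder in `$Root`, the list of "known" extensions and the entropy threshold are assumptions to adapt to your own environment.

```powershell
# Added example: triage a folder tree for files that look encrypted by ransomware.
# Signals: (1) an extension not in the known list, e.g. CTB Locker's random ".mmvkhja";
#          (2) Shannon entropy of the first 4 KiB close to 8 bits/byte (ciphertext-like).
# Assumes PowerShell 3+. $Root, $knownExtensions and $EntropyThreshold are assumed values.
param(
    [string]$Root = 'C:\Users\Public\Documents',   # assumed starting folder
    [double]$EntropyThreshold = 7.5                # bits/byte; encrypted data sits near 8
)

# Shannon entropy of a byte array, in bits per byte (0 = constant, 8 = uniformly random).
function Get-ByteEntropy {
    param([byte[]]$Bytes)
    if (-not $Bytes -or $Bytes.Length -eq 0) { return 0.0 }
    $counts = New-Object 'int[]' 256
    foreach ($b in $Bytes) { $counts[$b]++ }
    $entropy = 0.0
    $n = [double]$Bytes.Length
    foreach ($c in $counts) {
        if ($c -gt 0) {
            $p = $c / $n
            $entropy -= $p * [Math]::Log($p, 2)
        }
    }
    return $entropy
}

# Extensions expected in a user's document folders (assumed list; extend it for your site).
# Note that .docx/.xlsx/.zip/.jpg are compressed and already have high entropy, which is
# why entropy alone is not enough and the extension check is combined with it.
$knownExtensions = @('.xlsx', '.xls', '.docx', '.doc', '.pdf', '.pptx', '.txt',
                     '.jpg', '.png', '.zip', '.csv')

$suspects = foreach ($file in Get-ChildItem -Path $Root -File -Recurse -ErrorAction SilentlyContinue) {
    $ext = $file.Extension.ToLowerInvariant()
    $unknownExt = ($ext -eq '') -or ($knownExtensions -notcontains $ext)

    # Read only the first 4 KiB: enough to tell ciphertext from a real document header.
    $buf = New-Object byte[] 4096
    try {
        $stream = [System.IO.File]::OpenRead($file.FullName)
        try { $read = $stream.Read($buf, 0, $buf.Length) } finally { $stream.Dispose() }
    } catch {
        continue   # locked or unreadable; skip it
    }
    if ($read -lt 256) { continue }   # too small for the entropy estimate to mean anything

    $entropy = Get-ByteEntropy -Bytes $buf[0..($read - 1)]

    [pscustomobject]@{
        Path             = $file.FullName
        Extension        = $ext
        Entropy          = [Math]::Round($entropy, 2)
        UnknownExtension = $unknownExt
    }
}

# Files with an unknown extension AND ciphertext-like contents are the likely victims.
$likelyEncrypted = $suspects | Where-Object { $_.UnknownExtension -and $_.Entropy -ge $EntropyThreshold }

# Grouping by extension exposes the ransomware's extension (e.g. hundreds of '.mmvkhja' files).
$likelyEncrypted | Group-Object Extension | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

$likelyEncrypted | Select-Object Path, Entropy | Format-Table -AutoSize
```

    Run it against the folders you care about, not the whole drive, and read the output as a shortlist rather than a verdict: a legitimate archive format missing from the known list (a .7z, say) will also show up, and a file smaller than 256 bytes is skipped because its entropy estimate is meaningless. The extension list you build from the output is also what you need for the restore step later, since it tells you which files to pull back from backups or shadow copies.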

    And if that wasn't enough, how about the ransom malware which downloads even more malicious software onto your PC, turning it into a malware maelstrom of nightmarish proportions? Or the kind designed purely to cause chaos on your computer by corrupting data, deleting files and modifying your operating system?

    Do we need to go any further to convince you that protecting your computer against ransom malware and being vigilant when you're online is an absolute necessity? Whatever the intentions of someone using ransomware and Trojans – whether it's for twisted fun or personal gain - you need to protect yourself at all costs.

    So just HOW do you protect your PC from ransomware? There are a number of surprisingly easy steps that you can take – here are just five of the simplest ones that we suggest you adopt today.
    • Back up your files. It's one of the most important steps you can take toward protecting your files.
    • Don't open links or attachments in emails if you don't recognize the sender. The same goes for instant messages – ransomware programmers love trying to tempt you through spam mails and messages.
    • Make sure your messenger apps are configured so that they do not open automatically when you log on to your PC.
    • Don't run .exe files in Windows unless you have to, as Trojans often arrive this way. If you need to, make certain that you trust the source.
    • Finally – and crucially - keep your security software fully up to date. That includes both your anti-malware program and any security patches that are released for the software programs you have installed on your computer.

    How to decrypt and restore your files?

    The first and best method is to restore your data from a backup. If you have been performing backups, then you should use them to restore your data. If you don't have backups, then you can try the built-in Windows file restore feature (Previous Versions). Some ransom Trojans make copies of your files before encrypting them, and Windows might retain information that helps you restore at least some of your files. Read the removal guide below to learn how to use it. Then there's a program called Shadow Explorer. It's completely free and can help to restore your files from the Shadow Volume Copies that are in some cases stored on your hard drive. Please note that some ransomware programs attempt to delete any Shadow Volume Copies on your computer, but sometimes they fail to do so and you can use them to restore your files. For more information on how to restore your files from Shadow Volume Copies, please follow the steps in the removal guide below. If you have any questions, please leave a comment below.

    Last, but not least, if there's anything you think I should add or correct, please let me know. It might be a pain but the issue needs to be dealt with – and the way to do it is by not giving in, not paying up and not letting the attackers win.

    Step 1: Removing ransomware and related malware:


    Before restoring your files from shadow copies, make sure that ransomware is not running. You have to remove any malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

    1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove the detected malware.

    Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

    2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

    That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.

    Step 2: Restoring files encrypted by ransomware virus:


    Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

    Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

    Method 3: Using the Shadow Volume Copies:

    1. Download and install Shadow Explorer. Note: this tool works on Windows XP Service Pack 2, Windows Vista, Windows 7 and Windows 8.

    2. Open Shadow Explorer. From the drop-down list you can select one of the available point-in-time shadow copies. Select the drive and the latest date that you wish to restore from.


    3. Right-click any encrypted file or an entire folder and choose Export. You will then be prompted for the location you would like to restore the contents to.
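    The same three steps can be done without Shadow Explorer, which is useful when you would rather not install anything on a machine that was just cleaned, or when you need to script the restore across many folders. The script below is an added example (not part of the original post and not Shadow Explorer's code) that lists the surviving shadow copies for a volume, exposes the newest one as a folder through a directory symbolic link, and copies a folder out of it. It assumes an elevated PowerShell 3 or later prompt on Windows Vista or newer; the volume, the source path inside the snapshot and the destination folder are assumed values.

```powershell
# Added example: the Shadow Explorer workflow (pick a snapshot, browse it, export files)
# done from an elevated PowerShell prompt. Assumes PowerShell 3+ on Vista or newer.
# $Volume, $Source and $Destination are assumed values; change them for your case.
param(
    [string]$Volume      = 'C:',                      # volume whose snapshots to use
    [string]$Source      = 'Users\Public\Documents',  # folder inside the snapshot, relative to the volume root
    [string]$Destination = 'D:\Recovered'             # assumed: a different drive, never the encrypted files' own location
)

# 1. Find the volume's GUID path; Win32_ShadowCopy.VolumeName uses the same \\?\Volume{...}\ form.
$volumeId = (Get-CimInstance -ClassName Win32_Volume |
    Where-Object { $_.DriveLetter -eq $Volume.TrimEnd('\') }).DeviceID
if (-not $volumeId) { throw "Volume $Volume not found." }

# 2. Enumerate surviving snapshots, newest first. An empty list means the ransomware
#    managed to delete them, and this method will not work.
$shadows = Get-CimInstance -ClassName Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volumeId } |
    Sort-Object InstallDate -Descending
if (-not $shadows) { throw "No shadow copies exist for $Volume; they were probably deleted." }

$shadows | Select-Object ID, InstallDate, DeviceObject | Format-Table -AutoSize
$latest = $shadows | Select-Object -First 1   # "latest date" as in the Shadow Explorer step

# 3. Expose the snapshot as a folder. mklink needs the device path with a trailing backslash.
$link = Join-Path $env:SystemDrive 'ShadowLink'
if (Test-Path $link) { throw "$link already exists; remove it first." }
cmd /c mklink /d $link "$($latest.DeviceObject)\" | Out-Null

try {
    # 4. Export: copy the folder out of the snapshot. Files here carry their pre-infection
    #    names and contents, so the ransomware's extension should be absent.
    $from = Join-Path $link $Source
    if (-not (Test-Path $from)) { throw "Path not present in this snapshot: $from" }

    robocopy $from $Destination /E /COPY:DAT /R:1 /W:1 /NP | Out-Null
    if ($LASTEXITCODE -ge 8) { throw "robocopy reported errors (exit code $LASTEXITCODE)" }

    $restored = (Get-ChildItem -Path $Destination -File -Recurse).Count
    "Restored $restored file(s) from the snapshot taken $($latest.InstallDate) to $Destination"
} finally {
    # 5. Remove only the link; rmdir on a directory symlink does not touch the snapshot.
    cmd /c rmdir $link | Out-Null
}
```

    Two points on the design. The destination is deliberately on a different drive: restoring onto the infected volume risks overwriting files you may still want for analysis, and writing large amounts of data to a volume can push Windows to discard its oldest shadow copies when the shadow storage fills up, which would destroy exactly what you are recovering from. And robocopy exit codes below 8 mean success (they only describe what was copied or skipped), so the script treats anything from 8 upwards as a failure rather than checking for zero.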


    Hopefully, this will help you to restore all encrypted files or at least some of them.
