Just recently, a new “creative” ransomware called CryptMix appeared in the malware family. The ransomware promises its victims that it will transfer their money to a children’s charity. This statement might seem like a funny joke, but the victims of this virus, deprived of access to their files, most likely do not consider it funny at all. Moreover, so far it is impossible to decrypt files encrypted by CryptMix with modern decryption tools.
Among all the variety of computer viruses – blockers, trojans, spyware, keyloggers – ransomware is the most unpleasant one. Such viruses usually encrypt files on the hard disk of the infected computer and demand a ransom for the decryption key. In general, different types of documents can be attacked: images, presentations, texts, tables, files, and databases. But there is also another kind of malware, such as the much-discussed “Petya”, which can encrypt the entire hard drive.
Today, the computer is the main working tool for the majority of people. Thus, it is important to know how to protect yourself from ransomware and how to decrypt the files it damages. After all, it is extremely unpleasant for anyone to lose the results of their work because of a virus attack.
For companies, the situation is even worse. Besides paralyzing the work process, ransomware can often harm the health and well-being of the company’s clients. Not so long ago we wrote about a similar misfortune that befell the Hollywood Presbyterian Medical Center. In this case, the hospital management did not wait for the outcome of the police investigation and decided to pay the hackers so as not to endanger the patients’ lives.
Is it worth paying to unlock the ransomware?
The idea that the best way to restore the encrypted files is to pay the fraudsters was voiced in a report by an FBI officer at the Cyber Security Summit forum in 2015. But many cyber security experts do not agree with it. They rightly remind us that the “owners” of any ransomware are real criminals. And even after getting a “recipe” for recovering the infected files from them, you should not think that you are safe.
Prevention is better than cure
It is better to think about how to protect yourself against ransomware in advance, before anything has happened. For this purpose you should observe a few simple precautions:
- Create and maintain up-to-date backups of your files. It is better to have not one, but two backups of the most important information on different types of data carriers: for example, on an external hard drive and in cloud storage. Yes, it is a bit of a bother, but recovering data infected with ransomware can be even more trouble.
- Do not fall for phishing tricks. There are three main sources of the virus infection: downloading content from pirate websites, clicking links in emails from untrusted senders, and opening files attached to such emails.
- Turn on the display of file name extensions in the browser settings. Since the virus is a program, files with such extensions as “scr”, “vbs”, and “exe” must be the first to raise suspicions. You should pay attention to the last letters in the file name, since hackers often put several successive extensions in a row, trying to disguise the virus as a video or photo (something like “super_hit.avi.exe” or “girl.jpeg.vbs”).
- Regularly update your browser, antivirus software and the operating system. This piece of advice has already become a banal remark, but it is really important. It would be naive to assume that hundreds of thousands of developers at software companies get money just for doing useless work.
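The check on the last letters of a file name can be automated. The following Python code is an added example, not part of the original article: it flags names where a harmless-looking extension is followed by an executable one, and it goes beyond the two names in the text by covering more extensions. Both extension lists and the sample names are assumptions to adjust for your own environment.

```python
import os
from pathlib import PurePath

# Extensions that run code when opened. The article names scr, vbs and exe;
# the others are added here as an assumption.
EXECUTABLE = {"exe", "scr", "vbs", "js", "bat", "cmd", "com", "pif", "lnk"}
# Extensions a user expects to be harmless content (assumed list).
DECOY = {"avi", "mp4", "mp3", "jpg", "jpeg", "png", "gif",
         "pdf", "doc", "docx", "xls", "xlsx", "txt"}


def classify(filename):
    """Return 'disguised', 'executable' or 'ok' for one file name."""
    # PurePath.suffixes lists every dotted part: 'a.avi.exe' -> ['.avi', '.exe']
    suffixes = [s.lstrip(".").lower() for s in PurePath(filename).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE:
        return "ok"
    # Only the last extension decides how the file is opened; an earlier
    # content extension is there to mislead the reader.
    if any(s in DECOY for s in suffixes[:-1]):
        return "disguised"
    return "executable"


def scan(root):
    """Walk a directory tree and return (path, verdict) for flagged files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            verdict = classify(name)
            if verdict != "ok":
                findings.append((os.path.join(dirpath, name), verdict))
    return sorted(findings)


# Constructed sample names; the first two are the examples from the text.
SAMPLES = ["super_hit.avi.exe", "girl.jpeg.vbs", "setup.exe",
           "holiday.jpeg", "report.v2.pdf", "Invoice.PDF.SCR"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:22} {classify(name)}")
```

Point `scan()` at a downloads or mail-attachment folder; a “disguised” verdict is a reason to quarantine the file, while “executable” only means the file is a program and deserves a second look.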
If your computer has already been infected
Since ransomware usually runs in the background, the victims do not notice at once what is going on. But how do you spot a threat that has infected a computer? What should alert the user?
Leaving aside encrypted files with obscure names (that is tough luck), the main sign that a device has been infected is a system that is running slowly. And since viruses are usually downloaded while browsing the Internet, the first symptoms can be spotted exactly during this time.
Here are some of these symptoms:
- slow loading of pages;
- sudden synchronization of your computer with a cloud disk when no files have been changed;
- high CPU utilization and RAM consumption unexplained by any reasonable causes.
If your hard disk is attacked by ransomware, the treatment may be long and difficult, and you will not manage without specialists. But anyone can render first aid to the computer before turning to the “doctors”:
- If you notice some dubious processes, immediately turn off the Internet on the device and put it into hibernation mode.
- After that, you need to run an antivirus scan. If suspicious files are found, do not delete them but send them to quarantine. Then they should be forwarded to the antivirus vendor’s tech support for checking, research, and selection of a decryption tool.
You shouldn’t do the following:
- change the extension of the damaged files;
- delete them or treat them with antivirus software on your own;
- reinstall the OS.
All these measures will not help, but rather do even more damage.
You can also search online for file decryption tools developed by cyber security experts. Of course, you should do it only on the official websites of the antivirus programs, rather than on dubious forums, where instead of removing the virus you can pick up some new ones. Although it is unlikely that you will manage to find an antivirus for the latest type of ransomware, it is still possible that the computer was attacked by an older version of the Trojan ransomware and the “antidote” for it has already been created.
So should we pay the extortionists? Of course, there is a hope to “convince” the ransomware to decrypt the files by paying money. But you shouldn’t count on a mutually beneficial agreement, since the fraudsters’ aim doesn’t change: it is to cheat and always win.
The best protection against ransomware is to be cautious and vigilant. Before the infection, rather than after it.