How to Remove and Prevent Ransomware Infection (Full Guide)
So, you think computer viruses can’t hurt you other than hiding your files and slowing your computer down? Think again. A not-so-new breed of malware called cryptolocker (or ransomware) is spreading wildly like forest fires worldwide. Can your current anti-malware prevent ransomware attacks?
One of the most notorious of these ransomware programs is the infamous WannaCry. It uses an exploit for the Windows operating system that was leaked from the National Security Agency (NSA).
In a nutshell, WannaCry, like all other ransomware, encrypts your important data and files and demands money for your files to be decrypted. Currently, anti-malware software and ransomware removal tools can eliminate the virus—not decrypt your files.
How a Cryptolocker like WannaCry Works
First off, you need to understand that WannaCry is a worm. A worm is malicious software (or malware) that need not be installed. The moment you receive a copy of the virus and click on it to open it, the virus will have found its way onto your computer.
Where do you get it?
There are three ways WannaCry and other cryptolocker viruses are spread:
First, you download it as an attachment to a file or from a website, thinking it’s something else. It could disguise itself as a document or as a program. Usually, it will have a misleading extension. Common extensions are JPEG, DOC, and PDF.
Second, it can be spread through storage media. Since it’s a worm, the moment you insert a flash drive, for example, into an infected computer, the virus is copied onto that drive. It will then be transferred to the next unprotected computer the drive is inserted into.
The third method, unique to the WannaCry cryptolocker, is self-replication via a network. Purportedly, WannaCry utilizes an exploit in the Windows operating system, among many security vulnerabilities of the OS, that the NSA is allegedly using to access other people's computers remotely.
Once WannaCry infects a computer, it scans for computers within the same network that are vulnerable to the exploit. After it finds such a computer, it replicates itself onto that computer.
The thing about this cryptolocker is you don’t know it’s there—it doesn’t manifest itself, at least in ways we know—until it’s finished encrypting all important files. Thus, the malware infection can spread to other computers via an infected computer.
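The first route above relies on a file name that does not match the file's content. As an added example (not part of the original guide), this Python sketch flags files whose JPEG, DOC or PDF name hides an executable, either through a double extension or through the leading bytes of the content. The list of executable extensions and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Leading "magic" bytes of the formats the article names as common disguises.
MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 compound file
}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".pif"}

def check_file(path):
    """Return the reasons a file looks disguised (empty list: nothing found)."""
    reasons = []
    ext = path.suffix.lower()
    inner_ext = Path(path.stem).suffix.lower()
    with path.open("rb") as fh:
        head = fh.read(8)
    # "invoice.pdf.exe": a document extension placed in front of an executable one.
    if ext in EXECUTABLE_EXTS and inner_ext in MAGIC:
        reasons.append("double extension " + inner_ext + ext)
    if ext in MAGIC:
        if head.startswith(b"MZ"):  # header of a Windows executable
            reasons.append(ext + " name but executable content")
        elif not head.startswith(MAGIC[ext]):
            reasons.append("content does not match " + ext)
    return reasons

def scan(folder):
    """Walk a folder and return {relative path: reasons} for flagged files."""
    findings = {}
    for path in sorted(Path(folder).rglob("*")):
        reasons = check_file(path) if path.is_file() else []
        if reasons:
            findings[str(path.relative_to(folder))] = reasons
    return findings

def demo():
    """Scan constructed sample files (not real malware) in a temporary folder."""
    samples = {
        "report.pdf": b"%PDF-1.7\n",
        "invoice.pdf.exe": b"MZ\x90\x00",
        "photo.jpeg": b"MZ\x90\x00",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
        return scan(tmp)
```

Calling `scan()` on a downloads folder returns the flagged files and the reason for each; `demo()` shows the result on the constructed samples.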
What it does
A cryptolocker encrypts only the important files such as documents, pictures, videos, and other files on the computer except for the system files.
It doesn’t encrypt the system files because it wants you to boot and log in to your computer so that you know that your files are locked up and that you will want to unlock them.
After the virus is finished encrypting files, it will generate a key to decrypt the files and send the key to a remote server. It will then remove the copy of the key from the computer. This ensures that you won’t have any way of decrypting your files other than paying the ransom and trusting that the malware will download the key and decrypt your files.
You will know that the virus is finished encrypting your files because a window will appear informing you of your demise. The malware will also change your desktop background to an image containing more virus information.
You can’t close the window the malware opens, but you can click on the next button. Clicking on such a button directs you to the payment process instructions.
Currently, ransomware programs demand that a victim pay a ransom of 2 bitcoins or 300 dollars. However, Bitcoin is the preferred payment method since it’s difficult, if not impossible, to trace. After making a payment, the malware is expected to decrypt the files and remove itself.
Is there a guarantee that the malware will decrypt your file after payment?
There is not. The malware is good at encrypting files. That’s what we know so far. Decryption is not always likely. Thus, paying is not advisable because you risk losing to the virus twice.
If you were infected, the most you can do is remove the virus, discard all encrypted files, and move on from there. In these times where data breaches and cyber threats are common, having redundant data backups kept and regularly updated via a private network is necessary.
How to Protect Yourself from WannaCry and other Ransomware
Encryption is a very advanced technology designed to protect users' data from access by outside parties. The same technology, however, is currently used to harm other people. Currently, there are no simple ways to decrypt files without the key. Not even the best anti-ransomware software can provide the means to recover locked files and documents.
The best way is to protect yourself from getting infected. Here are some tips you can follow:
Install All Windows Updates
After hearing about the exploit, Windows immediately released an update for all its operating systems, even the unsupported ones. The problem is that not all computers are connected to the Internet, and some computers are on limited bandwidth or a metered connection, which limits their access to the latest security patches.
Thus, not everyone was able to download the update on time. Some computers are still unpatched even now.
To date, WannaCry ransomware has infected over 200,000 computers and placed a great toll on 10,000 organizations in over 150 countries worldwide.
Thus, whatever version of Windows you’re running, update it. Connect to the Internet, download all updates and install them. This will give you the most recent updates and fixes and will remove the exploit.
Install an Anti-Malware and Update It Regularly
There are a lot of free anti-malware programs on the Internet today. However, paid antimalware programs are a lot better.
Kaspersky, for instance, is one of the leading antimalware programs that actively upgrades itself periodically to protect your computer from ransomware.
It is also important that you update whatever program you are using to protect yourself from cryptolocker regularly. This ensures that the list and algorithms of your program can detect and remove the malware effectively.
Disable Macros and Scripts in MS Office and Excel
Without strong antivirus software or ransomware protection, malware can install itself and run from MS Office and MS Excel through code hidden within a file. The incidence of document-based malware, exploiting a weakness in the operating system's security protocols, is steadily increasing.
Programs attached to documents easily proliferate because they can be sent surreptitiously through legit files. Without an anti-malware program, the malware can easily execute itself in the background and do its nasty job.
Backup
Purchase storage media such as a portable external hard drive and back your data up periodically. That way, if you are hit by ransomware unprepared, you’ll only lose files and data from the last time you backed up to the present. Also, starting from the available backup files will be much more convenient than starting from scratch.
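A periodic backup only helps if a run made after an infection does not replace the good copies with encrypted ones. As an added example (not part of the original guide), this Python sketch writes each backup into its own dated folder with a SHA-256 manifest and refuses to write a new one when too many previously backed-up files have changed at once. The 50% threshold, the folder names and the sample files are assumptions made for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

def manifest_of(folder):
    """Map each file's relative path to the SHA-256 of its content."""
    return {str(p.relative_to(folder)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(folder.rglob("*")) if p.is_file()}

def snapshot(source, backup_root, label, max_changed=0.5):
    """Copy source into backup_root/label; return (created, changed_fraction).

    If more than max_changed of the previously backed-up files are altered or
    gone, nothing is written, so the older good snapshots stay intact.
    """
    source, backup_root = Path(source), Path(backup_root)
    current = manifest_of(source)
    manifests = sorted(backup_root.glob("*/manifest.json"))
    previous = json.loads(manifests[-1].read_text()) if manifests else {}
    altered = [f for f in previous if current.get(f) != previous[f]]
    fraction = len(altered) / len(previous) if previous else 0.0
    if fraction > max_changed:  # assumed threshold, tune to your own data
        return False, fraction
    dest = backup_root / label
    shutil.copytree(source, dest / "files")
    (dest / "manifest.json").write_text(json.dumps(current))
    return True, fraction

def demo():
    """Three backup runs over constructed files; the last follows a mass change."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "documents"), Path(tmp, "external_drive")
        src.mkdir()
        dst.mkdir()
        for i in range(4):
            (src / f"letter{i}.txt").write_text(f"letter number {i}")
        first = snapshot(src, dst, "2024-01-01")
        (src / "letter0.txt").write_text("edited by the user")
        second = snapshot(src, dst, "2024-01-02")
        for p in src.iterdir():  # every file altered at once, as after encryption
            p.write_bytes(b"unreadable:" + p.name.encode())
        third = snapshot(src, dst, "2024-01-03")
        kept = (dst / "2024-01-01" / "files" / "letter1.txt").read_text()
        return first, second, third, kept
```

Labels must sort in date order (as `YYYY-MM-DD` does) so that the newest manifest is the one compared against; a refused run is the cue to disconnect the drive and check the computer before backing up again.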
Conclusion
Ransomware like WannaCry is designed to self-replicate and exploit vulnerabilities in operating systems. Without proper protection against it, it can spread uncontrollably. Often, it is difficult, if not impossible, to recover from a ransomware infection.
Currently, the best way to deal with it is to prevent a ransomware infection by protecting your computer with robust security solutions. You can do this by downloading and installing the latest Windows update and by installing and updating an antimalware program like Kaspersky with a paid or premium license. It also helps to disable any remote desktop protocol, prevent unauthorized network access, isolate any suspected infected systems, and send any infected devices to a software security team.