
How to Remove and Prevent Ransomware Infection (Full Guide)


So, you think computer viruses can’t hurt you other than hiding your files and slowing your computer down? Think again. A not-so-new breed of malware called cryptolocker (or ransomware) is spreading like wildfire worldwide. Can your current anti-malware prevent ransomware attacks?

One of the most notorious of these ransomware programs is the infamous WannaCry. It uses an exploit in the Windows operating system that was leaked from the National Security Agency (NSA).

In a nutshell, WannaCry, like all other ransomware, encrypts your important data and files and demands money for your files to be decrypted. Currently, anti-malware software and ransomware removal tools can eliminate the virus—not decrypt your files.


How a Cryptolocker like WannaCry Works

First off, you need to understand that WannaCry is a worm. A worm is malicious software (or malware) that need not be installed. The moment you receive a copy of the virus and you click on it to access it, the virus will have found its way to your computer.

Where do you get it?

There are three ways WannaCry and other cryptolocker viruses are spread:

First, you download it as an attachment to a file or from a website, thinking it’s something else. It could disguise itself as a document or as a program. Usually, it will have a misleading extension. Common extensions are JPEG, DOC, and PDF.

Second, it can be spread through storage media. Since it’s a worm, the moment you insert a flash drive, for example, into an infected computer, you’ll get it into that drive. The virus will be transferred to the next unprotected computer the drive is inserted into.

The third method, unique to the WannaCry cryptolocker, is self-replication via a network. Purportedly, WannaCry utilizes an exploit in the Windows operating system, among many security vulnerabilities of the OS, that NSA is allegedly using to access other people's computers remotely.

Once WannaCry infects a computer, it scans for computers within the same network that have the exploit. After it finds such a computer, it replicates itself into that computer.

The thing about this cryptolocker is you don’t know it’s there—it doesn’t manifest itself, at least in ways we know—until it’s finished encrypting all important files. Thus, the malware infection can spread to other computers via an infected computer.
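For the first route above (a download or attachment with a misleading extension), the following added example, which is not part of the original article, compares a file's name with the first bytes of its content. The function names, finding labels and sample files are assumptions made for illustration.

```python
import os

# Leading bytes ("magic numbers") for the formats the article names, plus the
# "MZ" header that Windows executables start with.
MAGIC = {
    "jpeg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
    "doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # legacy OLE2 container
    "exe": b"MZ",
}
EXT_TO_TYPE = {".jpg": "jpeg", ".jpeg": "jpeg", ".pdf": "pdf",
               ".doc": "doc", ".exe": "exe", ".scr": "exe"}
DECOY_EXTS = {".jpg", ".jpeg", ".pdf", ".doc"}


def sniff(header: bytes):
    """Return the type whose signature the content starts with, or None."""
    for kind, sig in MAGIC.items():
        if header.startswith(sig):
            return kind
    return None


def check_attachment(filename: str, header: bytes) -> list:
    """Compare what a file is named with what its first bytes say it is."""
    stem, ext = os.path.splitext(filename.strip().lower())
    inner_ext = os.path.splitext(stem)[1]
    claimed, actual = EXT_TO_TYPE.get(ext), sniff(header)
    findings = []
    if claimed == "exe" and inner_ext in DECOY_EXTS:
        findings.append("double-extension")   # e.g. name.pdf.exe
    if actual == "exe" and claimed != "exe":
        findings.append("hidden-executable")  # program behind a document name
    elif claimed and claimed != actual:
        findings.append("type-mismatch")      # content is not what the name says
    return findings


# Constructed samples: (file name, first bytes of the content).
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("invoice.pdf.exe", b"MZ\x90\x00"),
    ("report.pdf", b"MZ\x90\x00"),
    ("scan.jpeg", b"%PDF-1.7"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, check_attachment(name, head) or "ok")
```

An empty list means the name and the content agree; it does not mean the file is safe to open.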

What it does

A cryptolocker encrypts only the important files such as documents, pictures, videos, and other files on the computer except for the system files.

It doesn’t encrypt the system files because it wants you to boot and log in to your computer so that you know that your files are locked up and that you will want to unlock them.

After the virus is finished encrypting files, it will generate a key to decrypt the files and send the key to a remote server. It will then remove the copy of the key from the computer. This ensures that you won’t have any way of decrypting your files other than paying the ransom and trusting that the malware will download the key and decrypt your files.

You will know that the virus is finished encrypting your files because a window will appear informing you of your demise. The malware will also change your desktop background to an image containing more virus information.

You can’t close the window the malware opens, but you can click on the next button. Clicking on such a button directs you to the payment process instructions.

Currently, ransomware programs demand that a victim pay a ransom of 2 bitcoins or 300 dollars. However, Bitcoin is a preferred payment method since it’s difficult, if not impossible, to trace. After making a payment, the malware is expected to decrypt the files and remove itself.

Is there a guarantee that the malware will decrypt your file after payment?

There is not. The malware is good at encrypting files. That’s what we know so far. Decryption is not always likely. Thus, paying is not advisable because you risk losing to the virus twice.

If you were infected, the most you can do is remove the virus, discard all encrypted files, and move on from there. In these times when data breaches and cyber threats are common, having redundant data backups kept and regularly updated via a private network is necessary.

How to Protect Yourself from WannaCry and other Ransomware

Encryption is a very advanced technology designed to protect users from access from external sources. The same technology, however, is currently used to harm other people. Currently, there are no simple ways to decrypt files without the key. Not even the best anti-ransomware software can provide the means to recover locked files and documents.

The best way is to protect yourself from getting infected. Here are some tips you can follow:

Install All Windows Updates


After hearing about the exploit, Windows immediately released an update for all its operating systems, even the unsupported ones. The problem is that not all computers are connected to the Internet, and some computers are on limited bandwidth or a metered connection, which limits their access to the latest security patches.

Thus, not everyone was able to download the update on time. Some computers are still even unpatched.

To date, WannaCry ransomware has infected over 200,000 computers and placed a great toll on 10,000 organizations in over 150 countries worldwide.

Thus, whatever version of Windows you’re running, update it. Connect to the Internet, download all updates and install them. This will allow you to download recent updates and fixes and will remove the exploit.

Install an Anti-Malware and Update It Regularly

There are a lot of free anti-malware programs on the Internet today. However, paid antimalware programs are a lot better.

Kaspersky, for instance, is one of the leading antimalware programs that actively upgrades itself periodically to protect your computer from ransomware.

It is also important that you regularly update whatever program you are using to protect yourself from cryptolocker. This ensures that the list and algorithms of your program can detect and remove the malware effectively.

Disable Macros and Scripts in MS Office and Excel

Without strong antivirus software or ransomware protection, malware can install itself and run from MS Office and MS Excel through code hidden within a file. The incidence of document-based malware, exploiting a weakness in the operating system's security protocols, is steadily increasing.

Programs attached to documents easily proliferate because they can be sent surreptitiously through legit files. Without an anti-malware program, the malware can easily execute itself in the background and do its nasty job.
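To check a document for embedded macro code before it is opened, the following added example (not part of the original article) looks for a VBA project part inside modern Office files, which are zip archives. The function names and result labels are assumptions, the sample documents are constructed in memory, and legacy .doc/.xls files are not covered.

```python
import io
import zipfile

# Extensions Office uses for documents that are not supposed to carry macros.
MACRO_FREE_EXTS = (".docx", ".xlsx", ".pptx")


def find_vba_parts(data: bytes):
    """List VBA project parts in an OOXML document; None if it is not a zip."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return None  # legacy OLE2 .doc/.xls or some other format: not covered
    with zipfile.ZipFile(buf) as zf:
        return [n for n in zf.namelist()
                if n.lower().endswith("vbaproject.bin")]


def triage(filename: str, data: bytes) -> str:
    """Classify a document before anyone opens it."""
    parts = find_vba_parts(data)
    if parts is None:
        return "not-ooxml"
    if not parts:
        return "no-macros"
    if filename.lower().endswith(MACRO_FREE_EXTS):
        return "macros-behind-macro-free-name"  # name and content disagree
    return "macro-enabled"


def make_sample(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-shaped zip (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage("minutes.docx", make_sample(False)))
    print(triage("minutes.docx", make_sample(True)))
    print(triage("budget.docm", make_sample(True)))
    print(triage("notes.txt", b"plain text"))
```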

Backup

Purchase storage media such as a portable external hard drive and back your data up periodically. That way, when you are hit by ransomware unprepared, you’ll only lose files and data from the last time you backed up to the present. Also, starting from the available backup files will be much more convenient than starting from scratch.

Conclusion

Ransomware like WannaCry is designed to self-replicate and exploit the vulnerabilities in operating systems. It can spread uncontrollably without proper protection against it. Often, it is difficult, if not impossible, to recover from a ransomware infection.

Currently, the best way to deal with it is to prevent a ransomware infection by protecting your computer with robust security solutions. You can do this by downloading and installing the latest Windows update and by installing and updating an antimalware program like Kaspersky with a paid or premium license. It also helps to disable any remote desktop protocol, prevent unauthorized network access, isolate any suspected infected systems, and send any infected devices to a software security team.


