Friday, May 19, 2017

How to Remove and Protect Yourself from Ransomware Infection

So, you think computer viruses can’t hurt you other than hiding your files and slowing your computer down? Think again. A not-so-new breed of malware called cryptolocker (or ransomware) is currently spreading wildly like forest fires around the world.
One of the most notorious of these ransomware programs is the infamous WannaCry. It uses an exploit in the Windows operating system that has been leaked from the National Security Agency (NSA).
In a nutshell, WannaCry, like all other ransomware, encrypts your important data and files and demands money for your files to be decrypted. Currently, what antimalware programs and ransomware removal tools can do is eliminate the virus—not decrypt your files.

How a Cryptolocker like WannaCry Works

First off, you need to understand that WannaCry is a worm. A worm is a type of computer malware that need not be installed. The moment you receive a copy of the virus, and you click on it to access it, the virus will have found its way to your computer.

Where do you get it?

There are three ways WannaCry and other cryptolocker viruses are spread:
First, you download it as an attachment to a file or from a website thinking it’s something else. It could disguise itself as a document or as a program. Usually, it will have a misleading extension. Common extensions are JPEG, DOC, and PDF.
Second, it can be spread through storage media. Since it’s a worm, the moment you insert a flash drive, for example, to an infected computer, you’ll get it into that drive. The virus will be transferred to the next unprotected computer that the drive is inserted into.
The third method, which is unique to the WannaCry cryptolocker, is self-replication via a network. Purportedly, WannaCry utilizes an exploit in Windows Operating Systems that NSA is allegedly using to access other people's computers remotely.
Once WannaCry infects a computer, it scans for computers within the same network that have the exploit. After it finds such a computer, it replicates itself into that computer.
The thing about this cryptolocker is you don’t know it’s there—it doesn’t manifest itself, at least in ways we know—until it’s finished encrypting all important files. Thus, an infected computer can keep on infecting others while it’s doing its nasty job.

What it does

A cryptolocker encrypts only the important files such as documents, pictures, videos and other files on the computer except for the system files.
The reason it doesn’t encrypt the system files is it wants you to boot and login to your computer so that you know that your files are locked up and that you will want to unlock them.
After the virus is finished encrypting files, it will generate a key to decrypt the files and send the key to a remote server. It will then remove the copy of the key from the computer. This ensures that you won’t have any way of decrypting your files other than paying the ransom and trusting that the malware will download the key and decrypt your files.
You will know that the virus is finished encrypting your files because a window will appear informing you of your demise. The malware will also change your desktop background to an image with more information about the virus.
You can’t close the window the malware opens, but you can click on the next button. Clicking on such a button directs you to a payment process.
Currently, ransomware programs demand 2 bitcoins or 300 hundred dollars. Bitcoin is a preferred payment method, however, since it’s difficult, if not impossible, to trace. After making a payment, the malware is expected to decrypt the files and remove itself.

Is there a guarantee that the malware will decrypt your file after payment?

There is not. The malware is good at encrypting files. That’s what we know so far. Decryption is not always likely. Thus, it is not advisable to pay because you risk losing to the virus twice.
If you were infected, the most you can do is to remove the virus and discard all encrypted files and move on from there.

How to Protect Yourself from WannaCry and other Ransomware

Encryption is a very advanced technology designed to protect users from access from external sources. The same technology, however, is currently used to harm other people. Currently, there is no simple way of decrypting files without the key.
The best way is to protect yourself from getting infected. Here are some tips you can follow:

Install All Windows Updates

After hearing about the exploit, Windows immediately released an update for all its operating systems—even the unsupported ones. The problem is that not all computers are connected to the Internet, and some computers are on a limited bandwidth or a metered connection.
Thus, not everyone was able to download the update on time. Some computers are still even unpatched.
To date, WannaCry ransomware has infected more than 200,000 computers and placed a great toll on 10,000 organizations in over 150 countries around the world.
Thus, whatever version of Windows you’re running, update it. Connect to the Internet, download all updates and install them. This will allow you to download recent updates and fixes and will remove the exploit.

Install an Anti-Malware and Update It Regularly

There are a lot of free anti-malware programs on the Internet today. However, paid antimalware programs are a lot better.
Kaspersky, for instance, is one of the leading antimalware programs that actively upgrades itself periodically to protect your computer from ransomware.
It is also important that you update whatever program you are using to protect yourself from cryptolocker regularly. This ensures that the list and algorithms of your program can detect and remove the malware effectively.

Disable Macros and Scripts in MS Office and Excel

Malware can install itself and run from MS Office and MS Excel through code hidden within a file. The incidence of document-based malware is steadily increasing.
Programs attached to documents easily proliferate because they can be sent surreptitiously through legit files. Without an anti-malware program, the malware can easily execute itself in the background and do its nasty job.
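One way to check, before opening it, whether a document carries the hidden code described above (an added example, not part of the original post): modern Office files are zip archives, and a macro project is stored inside them as a part named vbaProject.bin. The function names, result labels and sample files below are constructed for illustration.

```python
import io
import os
import zipfile

# Header of the legacy binary formats (.doc/.xls), which can also hold macros.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# Extensions that Office defines as macro-free.
MACRO_FREE_EXTS = {".docx", ".xlsx", ".pptx"}


def find_vba_parts(data):
    """Return the names of VBA project parts inside a zip-based Office file."""
    stream = io.BytesIO(data)
    if not zipfile.is_zipfile(stream):
        return []
    with zipfile.ZipFile(stream) as zf:
        return [n for n in zf.namelist() if n.lower().endswith("vbaproject.bin")]


def classify(filename, data):
    """Label a document by whether it can run macro code when opened."""
    if data.startswith(OLE_MAGIC):
        return "legacy-format"  # needs an OLE parser to say more; treat with care
    if not find_vba_parts(data):
        return "no-macros"
    ext = os.path.splitext(filename)[1].lower()
    if ext in MACRO_FREE_EXTS:
        return "macros-behind-macro-free-extension"
    return "macros-present"


def build_sample(with_macro):
    """Build a constructed, minimal Office-style zip in memory (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "report.docx": build_sample(False),
        "invoice.docm": build_sample(True),
        "invoice.docx": build_sample(True),
        "old.doc": OLE_MAGIC + b"\x00" * 16,
    }
    for name, data in samples.items():
        print(name, "->", classify(name, data))
```

A file that reports macros behind a macro-free extension such as .docx deserves the most suspicion, since that extension is meant for documents without macros.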


Purchase a storage medium such as a portable external hard drive and back your data up periodically. That way, when you are hit by ransomware unprepared, you’ll only lose files and data from the last time you backed up to the present.


Ransomware like WannaCry is designed for self-replication and vulnerability exploitation. It can spread uncontrollably without proper protection against it.
Currently, the best way to deal with it is to protect your computer from infection. You can do this by downloading and installing the latest Windows update and by installing and updating an antimalware program like Kaspersky with a paid or premium license.
