Ransomware has become more popular now, with the common “Please pay us for XX software to clean up your system” virus going to the side in favor of ransomware. Are you ready? Let's take a look at what ransomware is and what you can do if you ever find yourself in trouble!
First, what is ransomware? It's a malicious program that, once it enters your system, looks for your personal documents, pictures and other information and encrypts the files so you cannot open or edit them. Once the malicious program has entered the system and has your files, it will typically send the user a notice on what is happening and how to unlock the personal data. Below is an image of an infected system:
Unfortunately there are different kinds of ransomware out there right now, from CryptoWall Locker and TeslaCrypt (pictured above) to some of the newest threats, .Zepto and CryptXXX. They keep evolving into new threats that we as users need to be aware of.
After the system is infected, what are your options? Unfortunately there are really only 3.
1. Take it into a computer repair shop (self plug) Stinn Tech, and if you have a generation 1 or 2 virus there is a good chance we can unlock your files! If not, see the next options.
2. Format the system and restore from your backup. This is the best method of making sure the system is clean.
3. Pay the ransom and get your files back. NOT RECOMMENDED! If they have infected your system once and you pay, what's stopping them from doing it again? Or what if you pay the fine and they do not unlock your files?
Let's break down each option.
When we are dealing with ransomware at the shop, we always mirror the client's data onto another disk before starting the job. Next we try to identify which version of the virus we are working with, as most common encryption will change the extension of your files (pictures are most commonly .jpg) to something else like .XXX or .MP3. From here we can see if there is an available unlock for your data and proceed to unlock your files. This process can be a lengthy one depending on how many personal files you have on the system. Once the files are unlocked, we check the data to see if it is clean, format the original drive, reload the operating system and copy the data back to the computer. This is never a 100% guarantee that all files can be unlocked; it all depends on which version of the virus you have.
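As an added illustration of the identification step (this is not Stinn Tech's own tooling), the sketch below walks a mirrored copy read-only and reports two things: extensions it does not recognise, such as a tacked-on .XXX, and files whose first bytes do not fit their extension, which catches a ".MP3" that is not audio. The signature table is a small assumed subset, and the sample files are constructed.

```python
import os
import tempfile
from collections import Counter

# Well-known leading bytes for a few personal-file types (not exhaustive).
SIGNATURES = {
    ".jpg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".pdf": [b"%PDF-"],
    ".docx": [b"PK\x03\x04"],
    ".mp3": [b"ID3", b"\xff\xfb", b"\xff\xfa", b"\xff\xf3", b"\xff\xf2"],
}

def triage(root):
    """Read-only walk of a mirrored copy; returns (mismatched, unknown)."""
    mismatched, unknown = [], Counter()
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            ext = os.path.splitext(name)[1].lower()
            with open(path, "rb") as fh:
                head = fh.read(8)
            sigs = SIGNATURES.get(ext)
            if sigs is None:
                unknown[ext] += 1          # e.g. a tacked-on ".xxx"
            elif not any(head.startswith(s) for s in sigs):
                mismatched.append(path)    # e.g. ".mp3" that is not audio
    return sorted(mismatched), dict(unknown)

def demo_triage():
    """Run triage over a constructed sample tree (made-up file contents)."""
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,      # intact JPEG
        "invoice.pdf": b"%PDF-1.4\n",                          # intact PDF
        "song.mp3": b"\x8a\x11\xc3\x5e\x90\x02\x7f\x41",        # not MP3 data
        "taxes.docx.xxx": b"\x13\x37\xaa\x55\x01\x02\x03\x04",  # renamed
        "photo.jpg.xxx": b"\x42\x99\x10\xfe\x00\x11\x22\x33",   # renamed
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        mismatched, unknown = triage(root)
    return [os.path.basename(p) for p in mismatched], unknown

if __name__ == "__main__":
    print(demo_triage())
```

A large count for a single unfamiliar extension, or many header mismatches under one familiar extension, is the clue to which family you are looking up an unlock for.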
Next (and really the best option): format the computer and restore from a backup. When you have a backup, it also means we can check the backup for the virus, and if it's clean we can skip the unlock portion above. Stinn Tech ALWAYS recommends that you use a layered backup. So what is a layered backup?
1. A good antivirus program. At Stinn Tech we recommend Bitdefender as our go-to antivirus solution. It has won the best antivirus the last 4 years and keeps on getting better! If you already have an antivirus that you trust, you can always install the Bitdefender AntiRansomware tool alongside your current solution to help combat the attack. (AntiRansomware is included with Bitdefender AV products!) Stop in for Bitdefender TODAY!
2. Personal backup device. This would be your external hard drive. A typical size for this is 1 TB. It plugs into your system and you can run a backup of all your files and keep them safe. The downside is that if the virus attack happens when the drive is plugged in, there is a chance that your backup might be compromised as well. Always back up on a schedule. There is also Network Attached Storage (NAS), which if set up correctly can back up your data automatically on your network. This is also a great option, but once again, if your computer becomes compromised your NAS might be infected as well. Stop in for more information on external hard drives and NAS backup solutions!
3. Cloud backup. Saving your personal data on the cloud is the best backup solution: it's automatic, it works, it's there when you need it, and most cloud solutions have features to prevent ransomware from being backed up. Stinn Tech recommends Carbonite. They offer multiple plans for each user. From 1 desktop to multiple computers, your NAS and even servers, Carbonite has you covered. The neat thing about Carbonite is that they do file retention, meaning they keep a running copy of your files, so in the event you get hit with ransomware you can ask Carbonite to remove the current backup and restore from a day or further back!
The last option is to pay to unlock your files. We highly suggest that you try your best not to pay the ransom; there is no way of knowing if they will unlock your files once they take your hard-earned money!
So where does this come from? Typically it's going to come from an infected ZIP or email attachment; once it is run, nothing seems to happen or open. If you see an email from FedEx or the government with a ZIP file, DELETE it and call the company in question to ask if there was a problem. I have seen this with the following posing as:
Canada Revenue, FedEx, UPS, Royal Bank, CIBC, Scotia Bank, iTunes, Apple Inc.
Some ransomware will look for network drives and computers and infect those systems as well. Best practice is to back up and only click on attachments that you know are from a legitimate source.
Remember to also check your backup! If it's not working (backing up your system), what good is it to you!?!?
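One way to check a plain file-copy backup on an external drive or NAS, as an added example rather than anything from Stinn Tech or a backup vendor: compare every file on the PC against the backup folder by SHA-256 and list what is missing or different. The folder layout and file contents in the demo are constructed.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_backup(source, backup):
    """Return (missing, different) as sorted paths relative to source."""
    missing, different = [], []
    for folder, _dirs, files in os.walk(source):
        for name in files:
            src = os.path.join(folder, name)
            rel = os.path.relpath(src, source)
            dst = os.path.join(backup, rel)
            if not os.path.isfile(dst):
                missing.append(rel)        # never made it into the backup
            elif sha256_of(src) != sha256_of(dst):
                different.append(rel)      # backup copy is stale or altered
    return sorted(missing), sorted(different)

def demo_verify():
    """Compare two constructed folders standing in for a PC and its backup."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as bak:
        pc = {"budget.txt": b"2016 budget", "notes.txt": b"edited today",
              "new_photo.jpg": b"\xff\xd8\xff\xe0 constructed"}
        drive = {"budget.txt": b"2016 budget", "notes.txt": b"last month"}
        for root, files in ((src, pc), (bak, drive)):
            for name, data in files.items():
                with open(os.path.join(root, name), "wb") as fh:
                    fh.write(data)
        return verify_backup(src, bak)

if __name__ == "__main__":
    print(demo_verify())
```

A long "missing" list means the scheduled backup has stopped running; a "different" file only tells you the two copies disagree, so open the backup copy before trusting it for a restore.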
If you have any questions or concerns about Virus Prevention or Backups please feel free to contact us!
403 601 6281