A must-see guide for those who got infected with a ransomware virus

by Lucia Danes - - 2018-05-29

Ransomware is amongst the most complicated and threatening viruses

Ransomware epidemic

Ransomware is a file-encrypting malware that uses AES or similar encryption algorithm to encrypt files and renders them useless. The only safe way to recover data is by restoring it from a backup – using extra files saved on a cloud server or an external hard drive. Unfortunately, not many computer users backup their systems as nobody expects to get targeted. In this case, people start thinking of an alternative way to recover their data – paying cybercrooks and hoping that they will send them a required key. However, no matter how tempting this way looks, experts do not recommend choosing it.

As recent attacks involving serious industry giants, FedEx, Maersk,^[1] and others, have revealed, the problem does not end with regular users. Back in 2017, WannaCry,^[2] which has infected over 300,000 computers globally, destroyed the operation of NHS (National Health Service) and caused major disruption in helping the ones in need.

As a result, the damage caused by ransomware attacks came up to $5 billion in 2017. Cybersecurity experts predict that this number will rise to $11.5 billion by 2019.^[3] However, the primary losses do not lie in ransom payments; they are more related to the devastation ransomware leaves – disrupted operation of the company, data loss, recovery procedures, decreased compny's reputation, as well as full reinstallation of IT systems.

Ransomware is always shifting and looking for new ways to contaminate machines

Cybercriminals who are working behind crypto-malware are typically looking for new tricks to improve the code, make the virus less detectable, and increase the probability of the infection. Similarly to how legitimate businesses grow over time – so does the cybercrime. Therefore, traditional anti-virus techniques that were useful 20 years ago have become completely obsolete.

At the moment, ransomware authors use the following means to contaminate machines and networks:

Malspam
Exploit kits^[4]
Poorly protected RDP
Hacked or infected websites
Cracked or repacked software
Fake updates, etc.

The newest ransomware can infect the entire network by utilizing trojan-like capabilities within the malicious code. For example, the infamous Petya had worm efficiency in June 2017,^[5] allowing it to affect more than 12,500 computers in 64 countries, including Belgium, Brazil, Germany, Russia and the USA.

Another smart way used by hackers to make ransomware widespread is by applying a ransomware-as-a-service technique. To distribute RaaS around the web, they just need to promote it via the Dark Web and then apply profit-sharing model to divide the earnings with the associate. The distributor typically receives between 60% and 80% of the profit, making it an attractive business model for both authors and the affiliates.

Best way to protect your files is by avoiding crypto malware entirely

In some rare cases, ransomware code is cracked by security experts and a free decryptor is released to the public use. For example, the official decoder was distributed for those affected by CrySiS virus in 2015^[6]). Additionally, victims can use third-party recovery tools, although the possibility of getting data back this way is relatively low. Nevertheless, the best way to protect your files is by avoiding ransomware attacks in the first place. Although ransomware viruses are becoming more sophisticated, users are always the ones who are letting malware into their systems.

To avoid such cases or at least decrease their range, businesses and regular computer users are recommended following these precaution measures:

Backup, backup, backup!

Backup is a must. Regardless how well you are aware of ransomware distribution methods, you are never 100% secure. Therefore, you should regularly backup all your valuable files. Remember, the external device should be NOT connected to the machine prior to the infection, as all the data will be locked up as well. Alternatively, you can use cloud services, such as Dropbox, Google Drive, iCloud, etc.

Avoid spam emails

Spam emails are still the most prominent ransomware distribution method. Hackers often employ bots to send out thousands, if not millions, of phishing emails to random or targeted individuals. Additionally, malware authors can also use a botnet to spread the virus even further. While survey scams often use entry-level social engineering, ransomware authors apply advanced phishing email writing techniques which can convince even those who are familiar with scams. Thus, ignore spam emails, and especially do not open attachments included.

Invest into robust anti-malware software

Security software is developed by IT professionals who dedicate a lot of time to malware research and its prevention. Anti-virus programs can block malicious threats and eradicate them in real-time. If the AV detects the malicious file, it can prevent ransomware executable from launching.

Update software regularly

Hackers continuously hunt for software vulnerabilities. By using exploit kits, they can inject the malicious code directly into the unpatched machine. Therefore, update software and operating system as soon as patches that fix bugs become available. You should download them only from official websites and software vendors.

Stop yourself from visiting dubious websites

We highly recommend avoiding porn, gambling, file-sharing and other suspicious sites. These domains are known to be often infested with malware. Additionally, the repacked software can be injected with malicious code (every executable can be malicious, even if it is disguised under legitimate name).

Restrict users' access and ability to install software on company's network

Security experts recommend leaders of organizations to restrict networks and prevent employees from injecting new programs. Only individuals who are working in IT sector should be allowed to operate your computing infrastructure. Besides, instructing employees on the most popular dangers related to ransomware and its distribution means is also recommended.

About the author

Lucia Danes - Virus researcher

Lucia is a News Editor for 2spyware. She has a long experience working in malware and technology fields.

Contact Lucia Danes
About the company Esolutions

References

^ Doug Olenick. NotPetya attack totally destroyed Maersk's computer network: Chairman. SC Media. News network.
^ Olivia Morelli. WannaCry ransomware virus. How to remove? (Uninstall guide). 2-spyware. Cybersecurity news and articles.
^ Steve Morgan. Global Ransomware Damage Costs Predicted To Hit $11.5 Billion By 2019. Cybersecurity Ventures. Cybersecurity facts and statistics.
^ Forrest Williams. Understanding Exploit Kits: How They Work and How to Stop Them. Barkly. Security blog.
^ New ransomware, old techniques: Petya adds worm capabilities. Microsoft. Microsoft Secure blog.
^ Clean a Crysis or Wallet infection using the ESET Crysis decryptor. ESET. Security researchers.