Don’t Be Scared of WannaCrypt

Recently, a type of ransomware known as WannaCrypt, which can spread over a network like a worm, affected millions of computers worldwide. Ransomware is a type of malware that encrypts the files on a system and asks the user to pay for the key to decrypt them, and making the payment doesn’t necessarily grant you the key. Therefore, it is best not to make any payment and instead invest more time in protecting yourself.

Normally, ransomware comes through a file or with a virus, where the user has to click on the file or run an infected program for the ransomware to run, and it only infects the affected PC and no other PCs in the network. However, WannaCrypt is different: it infects the PC and then tries to spread over the network like a worm and infect other PCs in the network. In this case, it could encrypt all PCs in a company or organization, and this is why it has become a great concern. To spread over the network, it uses a vulnerability in the Microsoft Server Message Block 1.0 (SMBv1) server, which was fixed in March. To put it simply, if you have already updated your Windows, it won’t be able to spread over the network, and in general you should install the update related to Microsoft Security Bulletin MS17-010. In other words, Microsoft had already protected you before this worm infected the world, but because many users and IT professionals still don’t take Windows Update seriously, it managed to affect the world.

In addition, the majority of Anti-Malware vendors have already released updates to protect users against this ransomware. If you are using any of the Microsoft Anti-Malware products, such as Windows Defender, Microsoft Security Essentials, System Center Endpoint Protection, Windows Intune Endpoint Protection or Microsoft Forefront, you will be protected if you update your Anti-Malware. In Microsoft Anti-Malware signatures, it is known as Ransom:Win32/WannaCrypt.

In conclusion, to protect yourself against WannaCrypt and other ransomware, you need to update your Windows and your Anti-Malware product; in general, you should connect to the internet and check for updates. Microsoft has also released Customer Guidance for WannaCrypt attacks. If you are worried about WannaCrypt, you need to do three things: Update (Windows), Update (Anti-Malware), Update (Other Programs).
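A read-only check of those update points on a single PC, as an added example that is not from the original post. It uses the built-in `Get-HotFix`, `Get-SmbServerConfiguration` and `Get-MpComputerStatus` cmdlets; the function name `Get-UpdatePosture` and the two age thresholds are assumptions chosen for illustration.

```powershell
# Added example: read-only posture check for Windows updates, SMBv1 and Anti-Malware.
# Run in an elevated PowerShell on Windows 8 / Server 2012 or later.
# The thresholds below are assumptions, not values from the article.
$MaxSignatureAgeDays = 3
$MaxPatchAgeDays     = 35

function Get-UpdatePosture {
    $findings = @()

    # 1. Windows updates: date of the most recently installed hotfix.
    $latest = Get-HotFix | Where-Object { $_.InstalledOn } |
              Sort-Object InstalledOn -Descending | Select-Object -First 1
    if (-not $latest) {
        $findings += 'No installed updates with a date were found.'
    } elseif (((Get-Date) - $latest.InstalledOn).Days -gt $MaxPatchAgeDays) {
        $findings += "Last Windows update ($($latest.HotFixID)) was installed on $($latest.InstalledOn.ToShortDateString())."
    }

    # 2. SMBv1 server: the component WannaCrypt uses to spread.
    $smb = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($smb -and $smb.EnableSMB1Protocol) {
        $findings += 'SMBv1 server is enabled; this machine depends on the MS17-010 update.'
    }

    # 3. Anti-Malware: Windows Defender state and signature age.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if (-not $mp) {
        $findings += 'Windows Defender status is unavailable; check your Anti-Malware product manually.'
    } else {
        if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off.' }
        if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
            $findings += "Anti-Malware signatures are $($mp.AntivirusSignatureAge) days old."
        }
    }
    return $findings
}

$result = Get-UpdatePosture
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else         { Write-Output 'No update issues found.' }
```

The script changes nothing on the machine; each warning it prints maps to one of the update actions listed above.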

 

How to Deal with Ransomware?

Ransomware is malicious software that takes your system or files hostage and asks you to pay so that it releases them. There is a timer associated with most ransomware, and you are expected to pay within that period of time; otherwise more files will be encrypted or you will have to pay more. You should take note that paying won’t guarantee you will get your files back. The best way to deal with these malicious programs is to have preventive measures in place.

Firstly, you should regularly back up your data to external storage. To learn more about backing up, you may take a look at backup in Windows 10, Windows 8, Windows 7 or Windows Vista. You may also back up your data to cloud-based storage like OneDrive. In this case, if you ever lose your data, you can use the backup to retrieve it.

Secondly, make sure your Anti-Malware software is working and up to date. What I mean by working is that it is not expired and real-time protection is on. If you have Windows 10 or Windows 8, then you have Windows Defender, which is full Anti-Malware protection; for Windows Vista or Windows 7, you may use Microsoft Security Essentials, which is free. Anti-Malware software is able to detect and remove ransomware.

If you receive any suspicious email or an email with a suspicious attachment, mark it as junk or spam and NEVER open it. If you visit a website which is suspicious, in Internet Explorer or Microsoft Edge, click on Safety or Send feedback in Internet options or Settings, choose Report unsafe website to report it, and close the browser immediately.

However, if for whatever reason you have been infected with ransomware, you should NEVER pay the ransom. Note that ransomware depends on the network and the resources of your PC. No matter how strong it is, when you shut down your PC and disconnect from the internet, it is unable to do anything. So when you spot such ransomware or you suspect that your files are being encrypted, shut down your PC and unplug the cable.

Now the ransomware is unable to do anything until you turn on your PC and boot Windows. In this case, you may use Windows Defender Offline; take a look at Scanner in your pocket. Take note that you should create this scanner on another PC which is NOT infected with ransomware. Then boot your infected PC with this scanner, perform a full system scan and take a note of the malware that is detected. Once the malware has been detected and removed, boot into your PC, do NOT connect to the internet, check your files to make sure they are safe, and check what security measures you should take; for example, you might need to install Anti-Malware software. Then connect to the internet and you are good to go.

Pay Me to Release Your PC

Hostage-taking is not only for humans: your PC, files and data could be taken hostage, and there are many people around the world whose PCs have been taken hostage and who want to rescue them. In most cases, their PC is taken hostage by malware and they are asked to transfer money to release it. Of course, if you pay the money, it doesn’t guarantee that you will get back your data. Malware that takes your PC or data hostage and asks you to pay to release it is known as ransomware. It works in different ways: one way is that it encrypts your data and asks you to pay to decrypt it, or it blocks your access to the PC and asks you to enter your mobile phone number or send an SMS to transfer money to release your PC. It might delete your data and ask you to pay, and it won’t recover the data, and there are many other ways to take over your PC.

The best way to protect yourself against being taken hostage by ransomware is to protect your PC. Make sure you have a genuine version of Anti-Malware software on your PC and keep your Windows, Anti-Malware software and other software updated. (For Windows 8 and Windows 8.1, you have Windows Defender, which is Anti-Malware protection; for Windows XP, Windows Vista and Windows 7, you could install Microsoft Security Essentials, for home users and small companies with up to 10 PCs.) All known ransomware is detected and removed by Microsoft Anti-Malware products and most other Anti-Malware companies. If you have a new sample of ransomware or other malware and it isn’t detected by Microsoft Anti-Malware technology, report it.

However, there are cases where Anti-Malware is NOT present on a PC, or it is out of date or disabled, and the PC gets infected. In that case, follow these steps:

1. Physically disconnect all your communication with the network: unplug your LAN or dial-up cable and turn off your wireless using the switch or key on your keyboard. In most cases ransomware uses the network to send information about your PC and encrypt your files, and in that case it might not let you disconnect your PC through software, so you should do it through hardware.

2. Turn off your PC. If it is blocked, use a hardware shutdown, which means pressing the power button for a few seconds (usually 3-6 seconds) to turn off your PC.

3. Take a USB drive, CD or DVD that is blank or whose data you don’t need, find another PC and create a bootable scanner using Windows Defender Offline. Then boot your infected PC with it and run a full system scan.

4. Take a note of the names of the malware before removing it. After the removal completes, start your PC and resolve your security issue (install Anti-Malware, update it, etc.).

5. Look up the name of the malware in the Microsoft Malware Protection Center for details of additional removal steps (if any).

In the case of ransomware, it is recommended to remove the malware before connecting to the internet. For more detail, please refer to the information about ransomware on the Microsoft Malware Protection Center. The following are screenshots of some of the well-known ransomware that pretends to be from a legal authority or government and asks you for money or takes your PC hostage until you pay.

[Screenshots: Crilock, sofilblock, sofilblock2]

Remember, NEVER pay for ransomware; instead, follow the instructions to remove it. Make sure to take regular backups of your files so you can recover them in case of data loss or damage.