Tag: ransomware

Ransomware – Don’t pay the Ransom

Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.

There are ways to try and recover your files from decryption tools available online.
Look for the file extension of what hit you and try to look for it from the list below:

*https://www.nomoreransom.org/en/index.html

-The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky and McAfee with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.

*https://noransom.kaspersky.com/

-Kaspersky Lab develops and markets antivirus, internet security, password management, endpoint security, and other cybersecurity products and services. It is the fourth or fifth largest endpoint security vendor and the third largest consumer IT security software company.

*https://www.avast.com/en-ph/ransomware-decryption-tools

-Avast develops and markets business and consumer IT security products for servers, desktops, and mobile devices. The company sells both the Avast product line and the acquired AVG-branded products.

*https://www.emsisoft.com/ransomware-decryption-tools/

-Emsisoft’s anti-virus technology is called Emsisoft Anti-Malware. The three versions of Emsisoft Anti-Malware are called Anti-Malware Home, Business Security, and Enterprise Security.

*https://github.com/search?q=ransomware+decryptor

-Some free ransomware decryption tools from Github

National Institute of Standards and Technology (NIST) Releases Tips and Tactics for Dealing With Ransomware

Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.

NIST’s advices:

  • Use antivirus software at all times — and make sure it’s set up to automatically scan your emails and removable media (e.g., flash drives) for ransomware and other malware.
  • Keep all computers fully patched with security updates.
  • Use security products or services that block access to known ransomware sites on the internet.
  • Configure operating systems or use third-party software to allow only authorized applications to run on computers, thus preventing ransomware from working.
  • Restrict or prohibit use of personally owned devices on your organization’s networks and for telework or remote access unless you’re taking extra steps to assure security.

NIST also advises users to follow these tips for their work computers:

  • Use standard user accounts instead of accounts with administrative privileges whenever possible.
  • Avoid using personal applications and websites, such as email, chat and social media, on work computers.
  • Avoid opening files, clicking on links, etc. from unknown sources without first checking them for suspicious content. For example, you can run an antivirus scan on a file, and inspect links carefully.

Unfortunately, even with protective measures in place, eventually a ransomware attack may still succeed. Organizations can prepare for this by taking steps to ensure that their information will not be corrupted or lost, and that normal operations can resume quickly. 

NIST recommends that organizations follow these steps to accelerate their recovery:

  • Develop and implement an incident recovery plan with defined roles and strategies for decision making.
  • Carefully plan, implement and test a data backup and restoration strategy. It’s important not only to have secure backups of all your important data, but also to make sure that backups are kept isolated so ransomware can’t readily spread to them.
  • Maintain an up-to-date list of internal and external contacts for ransomware attacks, including law enforcement.

NIST has also published a more detailed fact sheet on how to stay prepared against ransomware attacks. You can find this material and more on ransomware at the NIST and CISA websites. These materials were produced by staff members in NIST’s Information Technology Laboratory and National Cybersecurity Center of Excellence.