Tuesday, September 19, 2017

Ransomware; What You Need To Know


With the popularity of the "WannaCry" ransomware bug that went around in early 2017, most folks are pretty familiar with the term Ransomware (aka an extortion virus). If you are not familiar with term, essentially a Ransomware virus is bug that usually gets into a system through an infected attachment via a fake Email. Once the email is opened, the virus activates and immediately starts to seek out and encrypt Word Documents, Excel Spreadsheets, Pictures, Music; anything it can get it's hands on. It is a VERY destructive type of attack and if not prepared, you could loose all of the precious data that is stored on your computer and connected to your computer!

So what is Data Encryption?

Data encryption is a way to lock a file, or any type of data on a hard drive, very securely. Encryption essentially locks a file with a nearly unbreakable secret password, key, etc. Once a file has been "locked" or encrypted, you need have to have the secret key or password to be able unlock and access file(s) again. The key or password is what enables you to decrypt, or "unlock" the file, and have access to all your stuff again; pictures, documents, music, etc. So what the scammers are trying to achieve with deploying Ransomware is to lock your data up and then extort money from you to get your data back. Essentially make you pay a ransom to get your data unlocked and accessible again.

What can you do to protect yourself from Ransomware attacks?


  1. BACKUP YOUR DATA: Back up your files remotely every day, but only on a hard drive that is not connected to the internet. So long as you back up files on an external hard drive, you won’t lose any information if hit by a ransomware attack.
  2. NEVER OPEN A SUSPICIOUS EMAIL ATTACHMENT: And never download an app that you haven’t verified with an actual store. Read reviews before installing programs.
  3. SCAN ALL DOWNLOADS: Some antivirus programs have the ability to scan files to see if they might contain ransomware. Make use of them before downloading any questionable attachments from email or software from the internet.
  4. EXTRA PROTECTION: If you want take things a step even further, BitDefender does have an Anti-Ransomware security tool you can install and run on your computer to supplement (and work in conjunction with) your existing security software:
    www.bitdefender.com/solutions/anti-ransomware-tool.html

What do you do if you have already gotten infected with Ransomware?

If your computer has been attacked by ransomware, you can explore the free ransomware response kit (from ZDNet) for a suite of tools that can help with a ransomware attack.
Pacific Northwest Computers also recommends the following to moderate an attack as well:
  1. Remove the infected machines from the network, so the ransomware does not use the machine to spread throughout your network!! VERY IMPORTANT!!
  2. Decide whether or not to restore from available backups, try to decrypt the encrypted data, or pay the ransom and take it as a lesson learned.
  3. Research if similar malware has been investigated by other IT teams, and if it is possible to decrypt it on your own. About 30 percent of encrypted data can be decrypted without paying a ransom. Some of those tools are listed below:
If the none of the available decryption tools work (or a decryption tool is not available for your specific type or Ransomware) data recovery could be a last resort option. There have been cases where when the Ransomware virus attacks and the data encryption first occurs, the original file is actually copied and then deleted, and the copied file is what gets's encrypted! So we can try to recover those original files!

If you have been hit by a Ransomware virus, you need Ransomware Data Recovery, or you are interested in getting some systems in place to be prepared and protected in the case of a Ransomware attack, feel free to reach out to us!
Pacific Northwest Computers


Jon Pienkowski ~ Owner/Operator
360.624.7379