How to Prevent Ransomware

WHAT IS IT?

Ransomware is a virus that forces you to pay money to a hacker by holding your files for ransom. There is no virus protection software that will detect or prevent it and no way to remove it without wiping and restoring the infected computer.

WHAT DOES IT DO?

Once the virus gets on your system, it will start working in the background to encrypt your files. It won’t touch any system files, focusing instead on items that a user would find important, such as photos, documents, spreadsheets, videos, etc. It will do this to your files as well as files shared on a server. Once it has encrypted these files, it will pop up a message stating that your files are encrypted and that you’ll have to pay a few hundred dollars or more within 48-72 hours to get your files back. There are a few variations of Ransomware viruses floating around the Internet, and each uses a high level of encryption. There’s very little chance of us being able to retrieve the files and remove the virus for you.

HOW IS IT CONTRACTED?

This type of virus is usually contracted through emails that come from a source that might seem reputable or that contain a vague message. The email itself isn’t the trigger, but it will have a file attached. The attachment may appear as a voicemail, invoice, quote, etc.: anything that might get you to open the email to see what it is. Once the attachment has been opened, your computer has become infected. Some emails will have a link to a malicious website that could infect your system as well.

PREVENTION TIPS

  • DO NOT click on online promotional browser ads.
  • DO NOT open email attachments from someone you do not know.
  • DO NOT open anything that looks suspicious, even if it seems to be from a reputable source.
  • When in doubt, verify attachments with senders before opening.
  • Keep your environment safe. Save (don’t open!) suspicious attachments.

EARLY WARNING SIGNS OF INFECTION

There are a couple of warning signs that would indicate you might have a Ransomware virus on your system. These viruses will create a few files that are usually titled DECRYPT_INSTRUCTIONS, creating them in a few different formats to ensure you’ll be able to open one of them. These files will be placed in every folder where files have been encrypted. The second warning will be the files themselves. They’ll suddenly become inaccessible, with Windows stating that it doesn’t know what program to use to open them. If a file that you know you’ve been able to access before is showing a blank icon or something different than it usually would, then it’s likely been encrypted.
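
The first warning sign above can be checked across a shared folder by looking only at file names, without opening anything. The following is an added example, not part of the original article: the function names and the sample folder layout are constructed for illustration, and matching the note title case-insensitively with any extension is an assumption.

```python
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

NOTE_STEM = "DECRYPT_INSTRUCTIONS"  # note title given in the article


def find_ransom_notes(root):
    """Map each folder under root that holds a note to what was found there.

    Only names and timestamps are read; no file is opened.
    """
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        # Assumption: match the title case-insensitively, with any extension.
        notes = sorted(f for f in files if Path(f).stem.upper() == NOTE_STEM)
        if not notes:
            continue
        first = min(os.path.getmtime(os.path.join(dirpath, n)) for n in notes)
        hits[Path(os.path.relpath(dirpath, root)).as_posix()] = {
            "notes": notes,                          # the formats dropped here
            "other_files": len(files) - len(notes),  # files to check or restore
            "first_note_utc": datetime.fromtimestamp(first, timezone.utc),
        }
    return hits


def build_sample_tree(root):
    """Constructed sample data: two affected folders and one clean folder."""
    layout = {
        "finance": ["DECRYPT_INSTRUCTIONS.txt", "DECRYPT_INSTRUCTIONS.html",
                    "q3.xlsx", "invoice.docx"],
        "photos/2015": ["decrypt_instructions.TXT", "beach.jpg"],
        "clean": ["notes.txt", "how_to_decrypt_instructions.md"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            Path(root, folder, name).write_text("placeholder")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, info in sorted(find_ransom_notes(tmp).items()):
            print(folder, info["notes"], info["other_files"],
                  info["first_note_utc"].isoformat())
```

The earliest note timestamp in each folder approximates when that folder was hit, which helps when choosing a backup to restore from.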

WHAT TO DO IF INFECTED

If you do find that the files are inaccessible and new files have appeared that are titled DECRYPT_INSTRUCTIONS, then you’ll want to unplug the network cord from your computer and shut the system down completely. This will take your computer off of the network and prevent your system from encrypting any files shared on a server. Once the computer has been taken off of the network, please contact the Analytics Help Desk.

This is a real-life Ransomware attack sent to Analytics and verified as malicious.