SPANISH and UK police have partnered in a Europe-wide scheme to help victims of ransomware retrieve their encrypted data without having to pay the criminals.
The UK’s National Crime Agency and Spain’s Guardia Civil and National Police are just some of the forces who have joined with IT security companies to create the ‘No More Ransom!’ project.
If your computer infected by ransomware they offer some free decryption tools on their website that might help you retrieve your data.
The website (see link at foot of article) says the general advice is not to pay the ransom.
It says, “By sending your money to cybercriminals you’ll only confirm that ransomware works, and there’s no guarantee you’ll get the decryption key you need in return.”
The project also aims to educate users about how ransomware works and what countermeasures can be taken to effectively prevent infection.
“It is much easier to avoid the threat than to fight against it once the system is affected.”
A ransomware attack is typically delivered via an e-mail attachment which could be an executable file, an archive or an image.
Once the attachment is opened, the malware is released into the user’s system.
Cybercriminals can also plant the malware on websites. When a user visits the site unknowingly, the malware is released into the system.
How to prevent a ransomware attack?
- Back-up! Back-up! Back-up! Have a recovery system in place so a ransomware infection can’t destroy your personal data forever. It’s best to create two back-up copies: one to be stored in the cloud (remember to use a service that makes an automatic backup of your files) and one to store physically (portable hard drive, thumb drive, extra laptop, etc.). Disconnect these from your computer when you are done. Your back up copies will also come in handy should you accidentally delete a critical file or experience a hard drive failure.
- Use robust antivirus software to protect your system from ransomware. Do not switch off the ‘heuristic functions’ as these help the solution to catch samples of ransomware that have not yet been formally detected.
- Keep all the software on your computer up to date. When your operating system or applications release a new version, install it. And if the software offers the option of automatic updating, take it.
- Trust no one. Literally. Any account can be compromised and malicious links can be sent from the accounts of friends on social media, colleagues or an online gaming partner. Never open attachments in emails from someone you don’t know. Cybercriminals often distribute fake email messages that look very much like email notifications from an online store, a bank, the police, a court or a tax collection agency, luring recipients into clicking on a malicious link and releasing the malware into their system.
- Enable the ‘Show file extensions’ option in the Windows settings on your computer. This will make it much easier to spot potentially malicious files. Stay away from file extensions like ‘.exe’, ‘.vbs’ and ‘.scr’. Scammers can use several extensions to disguise a malicious file as a video, photo, or document (like hot-chics.avi.exe or doc.scr).
- If you discover a rogue or unknown process on your machine, disconnect it immediately from the internet or other network connections (such as home Wi-Fi) — this will prevent the infection from spreading.
Types of ransomware
- It encrypts personal files and folders (documents, spreadsheets, pictures, and videos).
- The affected files are deleted once they have been encrypted, and users generally encounter a text file with instructions for payment in the same folder as the now-inaccessible files.
- You may discover the problem only when you attempt to open one of these files.
- Some, but not all types of encryption software show a ‘lock screen’.
Lock Screen Ransomware — WinLocker
- It locks the computer’s screen and demands payment.
- It presents a full-screen image that blocks all other windows.
- No personal files are encrypted.
- Master Boot Record (MBR) Ransomware
- The Master Boot Record (MBR) is the part of the computer’s hard drive that allows the operating system to boot up.
- MBR ransomware changes the computer’s MBR so that the normal boot process is interrupted.
- Instead, a ransom demand is displayed on the screen.
For more information visit: https://www.nomoreransom.org