ransomware

    What should you do if you think you’ve been hit by ransomware?

    If you think you may be the victim of ransomware, the first thing you should do is try to remain calm. This can be difficult, as being locked out of your computer or seeing a message demanding payment can be very distressing. However, it is important to remember that there are steps you can take to minimize the damage and get your computer back.

    Next, disconnect your computer from the internet. This will prevent the ransomware from spreading further or encrypting any additional files. Once your computer is offline, try to boot into Safe Mode. This will allow you to access your computer without the ransomware running.

    Once you’re in Safe Mode, open your antivirus program and run a scan of your system. Some ransomware is designed to disable antivirus programs, so you may need to download a new one. If you have a backup of your files, this is the time to restore them. If you don’t have a backup, you may be able to use a data recovery program to recover some of your files.

    Once you have your computer back, it is important to take steps to prevent this from happening again. Be sure to install updates for your operating system and programs as soon as they are available. Avoid clicking on links or attachments in emails from people you don’t know. And, of course, back up your files regularly.

    What are the most common ransomware strains?

    As of late 2018, the three most common families of ransomware are Locky, SamSam, and CrySIS.

    Locky was first seen in February of 2016, and is notable for being one of the first ransomware families to use AES encryption. Locky is typically spread through phishing emails that contain a malicious attachment, and once opened, will encrypt the victim’s files before demanding a payment in Bitcoin.

    SamSam first appeared in December of 2015, and is unique in that it does not use phishing emails for infection. Instead, SamSam relies on brute-forcing RDP connections in order to gain access to a network. Once inside, SamSam will scan for and encrypt any files it can find before demanding a ransom.

    CrySIS first appeared in April of 2014, and is notable for its use of the Tor network to obfuscate both its Command & Control infrastructure and the Bitcoin wallets used to collect ransom payments. CrySIS is typically spread through phishing emails that contain a malicious attachment, and once opened, will encrypt the victim’s files before demanding a payment in Bitcoin.
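
    Because SamSam gets in by brute-forcing RDP rather than by email, the failed logons it leaves behind can be watched for. The sketch below is an added example, not code from this post or from any vendor: it reads a constructed, simplified CSV export of Windows Security events (4625 failed logon, 4624 successful logon) and flags source addresses with a burst of RDP failures, noting when a success follows the burst. The column layout, threshold, window and function names are assumptions.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample data. Logon type 10 = RemoteInteractive (RDP);
# with Network Level Authentication, failed RDP logons show up as type 3.
SAMPLE = """time,event_id,logon_type,src_ip,account
2018-11-02T03:10:01,4625,3,203.0.113.7,administrator
2018-11-02T03:10:09,4625,3,203.0.113.7,admin
2018-11-02T03:10:17,4625,3,203.0.113.7,backup
2018-11-02T03:10:26,4625,3,203.0.113.7,administrator
2018-11-02T03:10:34,4625,3,203.0.113.7,backup
2018-11-02T03:10:41,4625,3,203.0.113.7,backup
2018-11-02T03:11:30,4624,10,203.0.113.7,backup
2018-11-02T08:59:12,4625,10,198.51.100.20,jsmith
2018-11-02T08:59:40,4624,10,198.51.100.20,jsmith
2018-11-02T09:00:00,4625,3,192.0.2.50,svc_scan
2018-11-02T10:00:00,4625,3,192.0.2.50,svc_scan
2018-11-02T11:00:00,4625,3,192.0.2.50,svc_scan
2018-11-02T12:00:00,4625,3,192.0.2.50,svc_scan
2018-11-02T13:00:00,4625,3,192.0.2.50,svc_scan
"""
RDP_LOGON_TYPES = {"3", "10"}

def load_events(text):
    return list(csv.DictReader(StringIO(text)))

def detect_rdp_bruteforce(rows, threshold=5, window=timedelta(minutes=5)):
    """Flag sources with >= threshold failed RDP logons inside a sliding window."""
    recent = defaultdict(deque)  # src_ip -> (time, account) of recent failures
    alerts = {}
    for row in sorted(rows, key=lambda r: r["time"]):
        if row["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ts, ip = datetime.fromisoformat(row["time"]), row["src_ip"]
        q = recent[ip]
        while q and ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        if row["event_id"] == "4625":
            q.append((ts, row["account"].lower()))
            if len(q) >= threshold:
                a = alerts.setdefault(ip, {"peak_failures": 0, "accounts": set(),
                                           "success_after_burst": None})
                a["peak_failures"] = max(a["peak_failures"], len(q))
                a["accounts"].update(acct for _, acct in q)
        elif row["event_id"] == "4624" and ip in alerts and q:
            # A logon succeeded while the burst was still in the window.
            alerts[ip]["success_after_burst"] = row["account"]
    return alerts

if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(load_events(SAMPLE)).items():
        print(ip, info)
```

    A source that ends a burst with a successful logon deserves the fastest response, since it suggests a password was guessed; the single mistyped password and the slow hourly failures in the sample are deliberately left unflagged.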

    Visit malwarezero.org to learn more about ransomware. Disclaimer: We used this website as a reference for this blog post.
