Ransomware is on the rise. It is a malware infection that encrypts a user’s files and holds them for a ransom that normally can only be paid in bitcoin or other payment forms that are not easily traceable. This type of malware infection is particularly crippling to a business, which could lose financial information and more to hackers. Recently, Malwarebytes shared a blog post reporting that a hospital in LA paid around 17,000 dollars in bitcoin (40BTC) to recover files that had been encrypted by ransomware. As a result of this, and of the rise we have noticed in ransomware infections, this blog post covers what ransomware does and how you can protect yourself from this threat.
How you can get infected by Ransomware:
There are a variety of ways in which you may accidentally stumble upon this horrible malware:
• Malvertising (Leading to an exploit kit, dropping Ransomware to your system)
• Malicious Downloads (Running an infected fake program that claims to be something else)
• Malicious Websites (Websites that take advantage of security holes — Exploits)
• Malicious Email Attachments (May claim to be another file type such as .doc but run as a .exe)
Hackers are always searching for new, easier ways to exploit users. Stay aware of modern threats!
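To make the email attachment case above concrete, here is an added example (not part of the original post or any vendor's tool) of a check a mail filter or a cautious user could run before opening an attachment. It flags a name such as invoice.doc.exe and a file named .doc whose first bytes belong to an executable. The function name, the extension lists and the sample attachments are assumptions made up for the illustration.

```python
import os

# Leading "magic" bytes of common executable formats.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows executable (PE)",
    b"\x7fELF": "Linux executable (ELF)",
}
# Extensions Windows runs when double-clicked (assumed list, not exhaustive).
RUNNABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Extensions a lure typically pretends to be (assumed list, not exhaustive).
DOCUMENT_EXTS = {".doc", ".docx", ".pdf", ".txt", ".xls", ".jpg", ".psd"}


def check_attachment(filename, content):
    """Return the reasons an attachment looks disguised (empty list if none)."""
    reasons = []
    name = filename.strip().lower()
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]

    # Case 1: "invoice.doc.exe", a document extension placed before the real one.
    if ext in RUNNABLE_EXTS and inner_ext in DOCUMENT_EXTS:
        reasons.append(f"double extension: {inner_ext}{ext}")

    # Case 2: the name says document, but the leading bytes say executable.
    if ext in DOCUMENT_EXTS:
        for magic, kind in EXECUTABLE_MAGIC.items():
            if content.startswith(magic):
                reasons.append(f"{ext} file is really a {kind}")
    return reasons


# Constructed sample attachments (name, first bytes); not taken from real mail.
SAMPLES = [
    ("report.doc", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),  # genuine OLE2 .doc header
    ("invoice.doc.exe", b"MZ\x90\x00"),
    ("resume.doc", b"MZ\x90\x00"),
    ("notes.txt", b"hello"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, "->", check_attachment(name, head) or "ok")
```

Windows hides known file extensions by default, which is why invoice.doc.exe can show up as invoice.doc; turning on "File name extensions" in File Explorer makes the real extension visible.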
What exactly does Ransomware do?
When run, ransomware will search your system for specific file types such as .doc, .psd, .txt, and many more, and then attempt to encrypt them using strong modern encryption technology. Once the ransomware has encrypted your files, they will no longer be usable. Opening a .txt that has been encrypted, for example, will only show garbled text instead of what the .txt actually contained. The ransomware will then present you with a message stating that your files have been encrypted, and sometimes it will even falsely accuse you of committing crimes. It can pretend to be the FBI or other government entities, and it will demand payment at a certain address to recover your files.
How do I remove the infection if I have it?
Removing this threat is often rather simple. However, any files that it has encrypted often cannot be recovered unless a decryption tool for that specific infection is created by an encryption expert. Depending on the variant of ransomware you have, you may need access to another non-infected computer to download the programs needed to remove it. Some variants do not block access to the infected PC, while others will prevent you from doing anything, even after rebooting.
Comprehensive Infection Removal Instructions:
(Some of these steps may not be necessary depending on your level of infection)
— If none of these first steps work, skip to step 6
Step 1: Download Rkill and run it on the infected PC
Step 2: Download Malwarebytes Chameleon and run it on the infected PC
Step 3: Scan with Malwarebytes for infections (This only applies if the first step worked)
Step 4: Download Combofix and run it on the infected PC (Do NOT do this until step 3 finishes)
Step 5: Download HitmanPro and do a one-time scan (30-day trial) to check for leftover infections
Your infection should now be fully removed. Feel free to check with Avast! and other antivirus vendors for leftovers.
Step 6: Download Kaspersky Rescue Disk on a non-infected computer and create a rescue disk following the included instructions. Then use the created rescue disk on the infected PC and scan for infections. Kaspersky should remove whatever is blocking your desktop. Then proceed to Step 1.
How do I avoid getting this infection?
Make sure that all of your software is up-to-date. Exploit kits that drop ransomware will target outdated versions of software such as Java and Flash Player. Additionally, make sure that you and every PC running in your connected network are running an up-to-date antivirus solution. Every antivirus solution is different, and some do not handle the newest threats as well as others. Below are the official suggestions of the Hexxium Creations© team and their download links.
• Malwarebytes Antimalware (Highly regarded as one of the best solutions against malware)
• Avast! Antivirus (A very good protection tool that protects even your passwords)
• Bitdefender (Another very good antivirus that protects against most zero-day infections)
Other antivirus solutions exist; however, the above solutions have shown exemplary performance in our personal testing against new infections. We highly recommend avoiding Norton Antivirus as well as AVG and McAfee, as those solutions are often invasive, incorrect and do not protect you as well as the above recommended programs.
If you need help from one of our experts removing this or other malware, create a post under “Malware Removal Help” in our new forum here and we will help you!
We hope you find this blog post useful. If you feel it needs updates, contact us here: [email protected]