Sunday, October 30, 2016

Ransomware Story

The owner of a plumbing and heating company opened what he thought was a legitimate email about a FedEx tracking number. The email turned out to be a ransomware scam, and almost immediately all of his data files were encrypted. The external backup drive attached to the computer was encrypted as well.
The thieves left a message saying the owner had to pay a ransom in bitcoin to obtain the decryption key. After I calmed the owner down, I did the following:

A) Removed the ransomware using the program Malwarebytes.
B) Recovered hidden copies of the encrypted files using ShadowExplorer.

This program, ShadowExplorer, allows you to browse and potentially restore the Shadow Copies created by the Windows Vista / 7 / 8 Volume Shadow Copy Service. Note that many ransomware families delete the shadow copies before encrypting, so this recovery path is not always available; it worked here because the copies were still intact.
So, the files were restored and the owner didn't have to pay a ransom.

Wednesday, May 25, 2016

Ransomware - What is it? (Updated)

Ransomware is a type of malware that prevents a computer user from using their computer or from accessing the data stored on it. To regain access to their data, the user is forced to pay a ransom for a decryption key. The ransom is typically demanded in electronic currency or bitcoins. The ransomware infection itself can usually be removed without paying up, by using a decent anti-virus or malware removal program. However, regaining access to your data is not so simple.

Locky is a ransomware program that was recently released. This ransomware encrypts certain files using a mixture of RSA and AES encryption. When it has finished encrypting your files, it displays a payment demand screen that prompts you to send a bitcoin payment to an untraceable internet address. You are given a time frame of a week to make the payment, after which the amount increases.

This infection is typically spread through emails which appear to be from people that you know. These emails contain a zip attachment that infects the computer when opened. The attachments are sometimes disguised as a PDF file: since Windows hides known file extensions by default, a file such as "invoice.pdf.zip" is displayed as "invoice.pdf", so it looks like a normal PDF and people open it.
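To make the hidden-extension trick concrete, here is an added example (not from the original post) that reproduces how Explorer shortens a filename and flags attachments whose displayed name looks like a document while the real, final extension is an archive or executable. The extension lists and sample filenames are constructed for illustration.

```python
import re

# Extensions a user would read as a harmless document once the final extension is hidden.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}

# Final extensions that mean "archive or runnable content", not a document (constructed list).
RISKY_EXTS = {"zip", "rar", "7z", "exe", "scr", "js", "jse", "vbs",
              "wsf", "cmd", "bat", "com", "pif", "hta"}


def normalize(filename):
    """Lower-case and collapse padding such as 'invoice.pdf     .exe' -> 'invoice.pdf.exe'."""
    return re.sub(r"\s*\.\s*", ".", filename.strip().lower())


def displayed_name(filename):
    """What Explorer shows with 'Hide extensions for known file types' on: drop the last extension."""
    base, dot, _ext = normalize(filename).rpartition(".")
    return base if dot else normalize(filename)


def classify_attachment(filename):
    """Return 'disguised', 'risky', 'ok' or 'no-extension' for one attachment name."""
    name = normalize(filename)
    if "." not in name:
        return "no-extension"
    real_ext = name.rpartition(".")[2]          # the extension Explorer hides
    shown = displayed_name(name)
    shown_ext = shown.rpartition(".")[2] if "." in shown else ""
    if real_ext in RISKY_EXTS and shown_ext in DOCUMENT_EXTS:
        return "disguised"                      # looks like a PDF, is really a zip/exe
    if real_ext in RISKY_EXTS:
        return "risky"
    return "ok"


def flag_attachments(filenames):
    """Return the names that a mail gateway or user should treat as suspicious."""
    return [f for f in filenames if classify_attachment(f) in ("disguised", "risky")]


if __name__ == "__main__":
    # Constructed sample attachment names, modelled on the tracking-number lure above.
    samples = ["tracking_number.pdf.zip", "FedEx_Receipt.PDF   .exe",
               "invoice.pdf", "report.zip", "photo.jpg"]
    for s in samples:
        print(f"{s!r:32} shown as {displayed_name(s)!r:28} -> {classify_attachment(s)}")
```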

Please be aware that currently there is no tool that will successfully decrypt the encrypted files.

Bitdefender, an anti-malware and virus protection company, recently released a crypto-ransomware utility that protects against the CTB-Locker, Locky and TeslaCrypt ransomware infections. Click on this link to download the utility. After downloading, install the program on your Windows computer.

A good backup program, preferably using redundant methods including a cloud backup, is the preferred solution. After removal of the ransomware program, restoring your data files from backup results in a minimal amount of downtime. This latest round of malware attacks shows how important having a good, reliable backup is.