Tech 425

Hit by RansomWare? This is What You Need to do NOW!!


Ransomware is a growing threat – here's what you should do if you fall victim to an attack.

Ransomware is a form of malware on your computer that can lock your screen, files or operating system temporarily. It does so with the expectation that you, the user, will fork over the cash to get yourself out of the bind that an exploitative transgressor has used to hold your machine hostage. 

It’s been around for over 20 years now in one form or another, but never before has malware been so prevalent – and now, in an age where digital currencies, such as Bitcoin and Ethereum, can be used to conceal such dubious transactions, it’s increasingly likely that you'll encounter one of many ransomware ‘strains’ in the near or distant future.

Unfortunately, what’s less clear is what to do in the event that you’re struck by ransomware; with so many variables, including what type of ransomware you’ve fallen victim to, extricating yourself from an attack is no easy task. Luckily, we at TechRadar Pro are here to bail you out.

Screen-locking or encrypting ransomware?

Generally, there are two kinds of ransomware that you could be facing for which simply rebooting your machine or clearing your browser cache isn’t an immediately viable solution. 

The first, and easiest to resolve, is called screen-locking ransomware. This stunt typically involves a warning, allegedly issued by the police, FBI or other authority, that unless you pay the amount demanded your system will remain unusable. 

You’ll see screen-locking ransomware like this dubbed with a variety of different names, such as ‘lock screen ransomware’, across the web. However, for the sake of consistency we’re going to refer to it as screen-locking ransomware throughout this guide.


The other common type of ransomware is a tad more complicated to address. It’s called encrypting ransomware, and often it will lock or progressively delete your precious files, as an incentive for you to reach for your wallet instead of taking the time to carefully consider your next steps. 

Regardless of what type of ransomware you’re seeing, the first step is to make sure that it’s real. It’s easy for fraudsters to tap into the naivety of PC or Mac users by producing a fake ransom that someone will inevitably believe.

If you’re on Windows, try opening Task Manager and closing out of the compromised application by pressing the Control, Shift and Esc keys simultaneously. If you’re on a Mac, do the same thing in Activity Monitor by pressing Command, Option and Esc.

Terminating screen-locking ransomware

If you’ve determined that it’s screen-locking ransomware you’re dealing with, and that no amount of keyboard shortcuts can save you, you’ll want to start contemplating your options. Before you do that, though, make sure nothing is connected to the infected device in question, lest the disease spread and your whole office get mad at you.

That means disconnect any connected peripherals, such as external hard drives, printers, webcams and anything else that could potentially be used to ruin your life like that one episode of Black Mirror – learn from Shut Up and Dance. Then, disconnect from the internet completely if you can.

Next, try to take a screenshot of the ransom note. If that’s impossible, use a phone or camera to take a photograph of the note on your screen. This can be used as evidence should you decide to file a police report later on.


If you’re using a Windows laptop or tablet, restart your system in Safe Mode by turning it off and then turning it back on while holding both the power and ‘S’ buttons on the keyboard. Mac users should reboot their computers by holding shift during bootup, and Windows PC users should consult their motherboard instruction manuals to access Safe Mode from the BIOS.

From there, you should be able to dislodge the ransomware using a free malware removal tool. 

If that doesn’t work, you can attempt to return to an earlier system state either in Windows System Restore (Select ‘Advanced Boot Options’ at startup or search ‘Recovery Options’ from the Cortana-enabled search bar at the bottom-left corner of the screen). Mac users can perform a similar exercise by restoring their files in Time Machine (Command+Space+Time Machine). 

After you've done this, we recommend running your antivirus software of choice one more time before filing a police report as your final step. 

Discharging encrypting ransomware

Encrypting ransomware has become increasingly common in the last couple of years. It goes by a number of different names, or strains, too, although there are only a few you’ll have to familiarize yourself with. 

Some of these strains, like GoldenEye and Crysis, are named after popular video games, the latter of which you won’t want to run no matter how impressive your graphics card is. Others have been crafted after horror movie villains, as is the case with Jigsaw, which is programmed to delete all of your files slowly and painfully over a 72-hour span.

If you or someone you know has fallen victim to encrypting ransomware, you’ll want to take a lot of the same steps we talked about in the previous, screen-locking ransomware section. So get disconnecting all of your peripherals and network connections, take a picture of the ransom note and make sure you have the best antivirus to troubleshoot the issue.

Should your trusty antivirus fail you the first time, reboot into Safe Mode using these instructions and try it again:

  • Windows tablet/laptop: Power button + S at startup
  • Windows desktop PC: Click restart + hold down Shift on login screen
  • Mac: Restart + hold down Shift

Once you’re in Safe Mode, do what you can to recover your files, either encrypted or deleted. There’s a plethora of file recovery software out there you can use. You can also use Crypto Sheriff and ID Ransomware to identify the encryption you’re dealing with and remove it from there. 

There’s also a website called No More Ransom that’s equipped with the decryption tools necessary to remove some types of ransomware decryption. 

 

https://www.nomoreransom.org/

 

If you have your important files backed up elsewhere, perhaps the best way to get rid of encrypting ransomware without succumbing to the desires of criminals is to reinstall your OS. 

Reinstall Windows 10

Mac users can reinstall macOS High Sierra by powering-on or restarting their computers and holding Command and R at the same time to access macOS Utilities, then selecting ‘Reinstall macOS’. 

Remember to file a police report using the photo you took earlier when you’re done.

Edited by Tech 425
Image Fixed
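
Identification services such as ID Ransomware and Crypto Sheriff typically ask for a ransom note and a sample encrypted file. As an added example (not part of the original post), this read-only Python script collects candidates for both from a folder; the keyword list, the entropy threshold and the `~/Documents` path are assumptions.

```python
import math
import os
import re
from collections import Counter

# Headers of common formats that are high-entropy by design (compressed), not encrypted.
KNOWN_MAGIC = (b"\x89PNG", b"\xff\xd8\xff", b"PK\x03\x04", b"\x1f\x8b", b"%PDF")
# Assumed keyword list for ransom-note file names; extend it from the note you photographed.
NOTE_NAME = re.compile(r"(readme|decrypt|recover|restore|ransom)", re.I)
ENTROPY_THRESHOLD = 7.5   # bits per byte; encrypted data sits close to 8.0
SAMPLE_BYTES = 64 * 1024  # only the head of each file is read
MIN_BYTES = 1024          # shorter samples cannot reach the threshold reliably


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def triage(root: str) -> dict:
    """Read-only walk of root: likely-encrypted files, their extensions, note candidates."""
    suspects, notes, extensions = [], [], Counter()
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as handle:
                    head = handle.read(SAMPLE_BYTES)
            except OSError:
                continue  # locked or unreadable file: skip, never modify
            if NOTE_NAME.search(name) and name.lower().endswith((".txt", ".html", ".hta")):
                notes.append(path)
            elif (len(head) >= MIN_BYTES and not head.startswith(KNOWN_MAGIC)
                  and shannon_entropy(head) >= ENTROPY_THRESHOLD):
                suspects.append(path)
                extensions[os.path.splitext(name)[1].lower()] += 1
    return {"suspects": sorted(suspects), "notes": sorted(notes),
            "top_extension": extensions.most_common(1)[0][0] if extensions else None}


if __name__ == "__main__":
    report = triage(os.path.expanduser("~/Documents"))
    print("Ransom note candidates:", report["notes"])
    print("Likely encrypted files:", len(report["suspects"]),
          "most common extension:", report["top_extension"])
```

High entropy alone also matches compressed archives and media the magic list does not cover, so the useful signal is one unfamiliar extension dominating the flagged files.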

Yeah, ransomware has been around forever.. pain in the butt.. I've dealt with it a lot fixing clients' computers, never dealt with the encrypting versions though.. I usually just reboot into Safe Mode and run a portable version of UnHackMe and Malwarebytes.. then just remove the leftovers manually.. thanks for the read, Tech..
