A few days back, one of my friends called and said, “I’m seeing some messages on my desktop asking me to pay $500 to unlock my PC.” I understood that he was the latest victim of a ransomware attack. But he is not alone. This scenario is fairly common in the Western world, but not in Sri Lanka. Still, Sri Lanka is also a playground for cyber criminals from all around the world. Over the last 2 years, cyber espionage related to Sri Lanka has started to hit the local and international media.
Last year, someone hacked into Bangladesh Bank and stole $951 million, and $20 million of that money was traced to Sri Lanka. Now ransomware is starting to spread all over the island. So, to protect fellow Sri Lankans from becoming victims of these attacks, we wrote this guide.
On this page:
- What is ransomware?
- What does ransomware do?
- How does ransomware spread?
- How can you avoid and bounce back from a ransomware attack?
- How to decrypt your data without paying a single penny?
What is ransomware?
Ransomware is malware that gets installed on your PC or mobile device without your knowledge and either encrypts your files or holds your device’s functions for ransom. It won’t allow you to use your files or devices until you pay the ransom.
With the flow of ransomware stories increasing day by day, it’s hard to keep track of each variant. However, they are typically divided into two major types based on their function.
- Lockscreen ransomware – Shows you a full-screen message whenever you try to access your device and prevents you from using it.
- Encryption ransomware – Lets you access your device, but you can’t access the data stored on it, because it encrypts all the data on your device.
What does ransomware do?
There are different types of ransomware based on their functions. But technically they all do the same thing: prevent users from using their devices, and demand money or the completion of some other task before giving the data back.
However, there is no guarantee that paying the ransom will get your files back. So in this case, “prevention is better than cure”.
You can assume that you are under attack if you see any of the following:
- Locked screen
- Encrypted files/folders
- Renamed folders/files
- Ransom note
- Locked applications
The symptoms may vary depending on the ransomware variant.
How does ransomware spread?
Like most other malware, ransomware spreads through the internet. That doesn’t mean ransomware can’t spread without the internet. Attackers look for the easiest way to infect a system. You can fall into the ransomware trap if you:
- Have a habit of browsing untrusted sites.
- Download files from untrusted sites.
- Open links in emails that you receive from people you don’t know.
- Install pirated software.
- Are lazy about updating your software whenever an update is available.
- Connect your device to an already infected network.
- SMS messages (usually used to install ransomware on your mobile devices).
- Are vulnerable to social engineering.
How can you avoid and bounce back from a ransomware attack?
Simply by avoiding the things above, you can avoid 90% of ransomware attacks. So what about the remaining 10%? You have to take some other precautions to bounce back from those. Steps that can help you fight ransomware attacks are:
- Don’t store important data on the devices that you use on a daily basis.
- Have local and cloud backups. You can use an external drive for local backups and cloud storage such as Google Drive, OneDrive, or Dropbox for cloud backups.
- Use a reliable, paid antivirus program that has a real-time scanner and auto-update functions.
- Use ad blockers to avoid malicious advertisements.
- Always keep your device firewall enabled.
- Check links carefully before clicking on them.
These are some precautions to protect yourself from a ransomware attack.
Got ransomware? What are your options?
If your computer gets locked by ransomware, take these steps to avoid a huge loss.
- If you are using a computer connected to a network, disconnect it as soon as possible to protect other computers from being infected.
- If you have a backup of your data, erase everything, including the OS, and do a fresh install (if you want to analyze the ransomware, take a backup of your encrypted files).
- If you know the ransomware variant, check the site Nomoreransom for a decryption tool. Nomoreransom is a project jointly run by law enforcement agencies and IT security companies. You might get a decryption tool, but unfortunately, tools are available only for some ransomware variants.
- And if none of these things helps you get your data back, don’t send money to get it back, because there is a 99% chance that you will lose your money too.
And just to remind you one more time: always try to have two backups (at least one), so that you won’t be badly affected in case your computer gets infected.