Ransomware, types, infection methods, prevention methods and solutions
They are malicious programs that infect computers and mobile devices that prevent users from accessing their systems or the data stored on their devices, and the owners of malicious programs require users to pay a ransom (an amount of money) in exchange for regaining control over their data and decrypting it, and that is why it is called “ransomware”.
Types of ransomware:
The virus came for the first time in the history of 1989 and to this day every day a new virus appears and a new form and infects multiple platforms, however it can be classified into three main categories:
Encrypted ransomware: It encrypts files of all kinds on the infected device, and the files are deleted as soon as they are encrypted, and you will discover that your device is infected when you try to open one of these files. A lock screen will be displayed that enables you to access the file.
Screen lock ransom virus: The harm is clear from the name of the virus, it locks the device's screen and prevents you from accessing anything in it and displays a window similar to the previous one, and files in this type are not encrypted.
Master Boot Record (MBR) virus: MBR is the part of the hard disk that is responsible for booting the operating system, so when this type of infection this part will change and prevent the normal booting process, you will discover that your computer is infected when the device is booted up, the following screen will appear:
And there are still many classifications of many types of viruses, such as encrypted ransomware, network servers, mobile devices (Android) ransomware, and others, but you should not forget the golden rule.
Ways of injury:
How does the device get ransomware? What are the preventive means?
It is possible for you to be infected with the ransomware virus when you visit one of the unrecognized sites and you download programs from it or a file (crack), so the site makes you understand that you got what you are looking for, but it is in fact the mentioned virus, then after you run it, the virus will encrypt your files or lock the screen according to Its kind as mentioned earlier.
And perhaps an e-mail comes to you with an executable attachment that makes you think that it belongs to you and that you mean and when you open it, the virus will work.
Ransomware, the “silent killer,” works silently in secret until the file locking and encryption mechanism is implemented, so the user may not notice at first.
Means of prevention of infection with ransomware:
Speaking of means of prevention, we can conclude two methods so far:
The first: Do not use unofficial and unknown websites to install software on your computer.
The second: Do not open an e-mail from a source that you do not know and do not know who the sender is, and do not download the attachments until you are sure and know about them in advance, and do not click on links that you do not know or trust.
The third method: install an antivirus and keep it up-to-date, so that virus libraries are always updated and prevent your computer from being infected with them.
How to counter ransomware:
What should you do if your computer is infected with ransomware?
When your computer is infected with a virus, its owners will leave a message for you that you may see on the screen, or in a text file, stating how to pay to get the files. In light of the lack of a real guarantee from the owners of the virus that they will decrypt your files and device, we do not recommend paying, according to the recommendations of the CRYPTO SHERIFF project: “If the ransom is paid, it proves to cyber criminals that the ransomware is effective.”
As a result, cyber criminals will continue to operate and look for new ways to exploit systems that lead to more infections and more money in their accounts. ”
First: You must find the virus and get rid of it using an anti-virus program, we recommend Malwarebytes and you can use HitmanPro with it to make sure your device is free of any viruses.
Second: You have to know what kind of virus that infected your device in case it was a virus that encrypts your files and you want to restore it, you have two cases:
First: In the message that the owners of the virus leave, they leave you a PersonalID, and if it ends with 1, then this means that it is Offline PersonalID. Therefore, you can easily decrypt your files using one of the decryption programs for your type of virus.
As for the second: If it does not end with 1, this means that it is Online PersonalID, and therefore decrypting it will be difficult because the decryption key is with the owners of the virus exclusively.
In the event Offline is advised to go to the CRYPTO SHERIFF project, which is a joint initiative between the Dutch National Unit for Combating Technical Crime, the Europol European Center for Cybercrime and McAfee, with the aim of helping victims of ransomware to retrieve encrypted data without paying criminals.
And they always update their data and provide the necessary tools to decrypt files infected with ransomware, all you have to do is look at the site and it will help you find the right tool. CRYPTO SHERIFF
The second solution: in the event that Online PersonalID, there is another way to find and recover your files and it will be through a deleted files recovery program and you will find your files under the category of restructured files
We recommend Disk Drill
This solution may be longer and more difficult, but it is better than losing files permanently.
And we always advise in case you are unable to find the tool that decrypts your files to keep them for a later time, perhaps the virus is new and they have not been able to find the appropriate tool yet, and it is possible that the cyber crime infects the databases of ransomware owners, enabling them to publish the private keys for decryption And get the right tool.
In conclusion, we always say “an ounce of prevention is better than a pound of cure.” You must remember the simple prevention methods that prevent your computer and your files from any danger.
And again, definitely don't forget the golden rule!
Sources: kaspersky no more ransom , 1
Written by: M. Raghad rounded
