Please be aware and extra vigilant that Ransomware attacks such as Cryptolocker, Cryptowall and CryptoDefense on computers are rapidly increasing and affecting many Windows machines. The main principle of the attacks is that it encrypts files on a system’s hard drive using an unbreakable key and can only be decrypted by the attacker once a ransom is paid usually an online currency such as Bitcoin.
This means that once affected any document you have will no longer be accessible and programs could no longer function and also any data you may have could be lost.
The ransom fee can be from £100 but can rise to over £1000 to decrypt your files. We do not recommend paying the ransom as it only encourages this type of attack and there is no guarantee you will recover your files even if you have paid the ransom.
The method of getting this sort of malware used to be by clicking on an attachment in an eye-catching email but now these are being deployed through hyperlinks on sites or via social networks or instant messages.
There are various things you can do to limit the threat of receiving such dangerous malware. We have listed these below:
- Think Before Clicking (do not open an attachment or click on a link if you are not sure what it is and who it is from)
- Ensure your Anti-Virus is up to date
- Be extra vigilant by clicking on any attachment unless you know it is safe especially if it is from someone who you don’t know. However, the attackers have become even more clever by sending emails from who you believe you know or your contacts. Anything with a link or an attachment must be given serious consideration before opening. Also be aware that a simple PDF file (which may look like an Invoice, for example) and has a .pdf extension can actually be disguised as an executable program that contains the malware. The same principle applies to a Word (.doc) or image (.gif,.jpg). Files can also look like they have two extensions e.g .tesfile.avi.exe so be warned of this sort of trick.
- Backup Your Files. Make sure all your important files are backed up regularly (with version histories) to either another device like a USB or to the cloud. This way if you are infected then you can easily restore the latest version back on the machine. If your files are being backed up on a day to day basis make sure the version history has a sufficient retention period otherwise you could override your good backup with the affected files.
- Keep Software Up To Date. Ensure your Operating System (i.e. Windows, OS X), antivirus, web browsers, Adobe and other software is always up to date. For Windows any operating system such as XP or below is no longer supported so if you are still using XP or Vista it may now be a good time to upgrade your operating system.
- Ensure your software firewall is turned on. Most ransomware tries to connect to a remote server to get instructions on how to operate.
- Personalise your anti-spam settings. If you are able to then configure your webmail server to block dubious attachments like .exe, .vbs or.scr. Make sure you have a good Anti-Virus installed and up to date. The continued growth of ransomware means that the Anti-Virus industry is always trying to keep up with new software attacks so they cannot always be 100% bulletproof.
- Install a good Anti-Malware application such as MalwareBytes – and keep it up-to-date. As well as your Anti-Virus software it is a good idea to purchase MalwareBytes AntiMalware so you scan any file before running or opening.
- Make sure you disable file sharing. If you are on a domain or network and have drive mappings then all those files on the drives could be affected as well which could compromise your whole office files and environment.
If you are affected by ransomware:
- Disconnect the network connection immediately
- Use System Restore to return your computer to a known state