Ransomware Attack

Fouad Abou Najem
4 min read · Nov 20, 2017


Overview

Ransomware is malware that encrypts the files on a computer so that their owner can no longer open them.

Once a computer is infected, the malware can spread to every network share and mapped drive that the infected user account has write access to.

The purpose of this malware is to extort a payment from the victim in exchange for the key needed to decrypt the files and regain access to them. Paying does not guarantee that the files come back.

How can a Ransomware attack a PC?

Ransomware is most often delivered by email. The message is crafted to look safe: the sender name and address are borrowed from one of the victim's recent contacts, often taken from a mailbox the attackers have already compromised. The most dangerous lures are the ones prepared with knowledge of the target organisation: the email arrives under a colleague's name, with a subject that has already been used between these two people, e.g. "invoices". A user who receives an email with the subject "invoices" from a colleague will not think twice before opening it and downloading the attachment, which is the malware itself.

What form does a Ransomware take?

Usually the attachment is a .zip archive, sometimes an Office document or a .pdf file. A .zip does not run by itself: once the user opens the archive and double-clicks the file inside, which is typically an .exe or a script (.js, .vbs, .wsf) given a document-like name such as invoice.pdf.exe, the malware runs on the PC. An Office document carries the malware in a macro that asks the user to "enable content"; a PDF can carry embedded JavaScript or an embedded file that the reader is prompted to open. In every case a click from the user is what starts the infection.

How to prevent a Ransomware to attack the company?

No single measure blocks ransomware, but almost every infection starts with a user opening an attachment, so awareness is the first line of defence: always report suspicious emails as spam or phishing, and do not open attachments whose type does not match their purpose. For example, an invoice should never arrive as an .exe, a script, or an archive containing one, and a document should never need macros enabled to be read. All users should be aware that they can receive an email carrying malware at any time. Limiting write access to network shares to the users who actually need it also limits how far an infection can spread.
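As an added example (not part of the original article), the Python script below applies the rules from the two sections above to an attachment before anyone opens it: it flags executable and script extensions, the double-extension trick (invoice.pdf.exe), document types that can carry macros or active content, and it looks inside a .zip without extracting it. The sample attachments are constructed in memory and their contents are placeholder bytes, not real malware.

```python
"""Triage an e-mail attachment before a user opens it (added example).

Flags the delivery forms described in the article: an executable or script
extension, a double extension such as invoice.pdf.exe that hides the real type
behind a document-like name, document types that can carry macros or active
content, and an archive that carries any of the above. Archives are inspected
in memory; nothing is extracted to disk. All sample attachments below are
constructed placeholders, not real malware.
"""
import io
import zipfile

# Types Windows runs directly, or that a script host runs on double-click.
EXECUTABLE_EXTS = {
    "exe", "scr", "com", "pif", "bat", "cmd", "ps1", "vbs", "vbe",
    "js", "jse", "wsf", "hta", "jar", "msi", "dll", "lnk",
}
# Office formats that can hold macros, and PDF, which can hold JavaScript
# or an embedded file. These are flagged for review, not blocked outright.
ACTIVE_DOC_EXTS = {"doc", "xls", "ppt", "docm", "xlsm", "pptm", "pdf"}


def extensions(name):
    """Lower-cased extension chain of a file name: 'Invoice.PDF.exe' -> ['pdf', 'exe']."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    return parts[1:] if len(parts) > 1 else []


def classify_name(name):
    """Findings for one file name (an empty list means nothing suspicious)."""
    findings = []
    exts = extensions(name)
    if not exts:
        return findings
    last = exts[-1]
    if last in EXECUTABLE_EXTS:
        findings.append(f"{name}: executable or script extension .{last}")
        if len(exts) > 1:
            findings.append(f"{name}: double extension, .{last} hidden behind .{exts[-2]}")
    elif last in ACTIVE_DOC_EXTS:
        findings.append(f"{name}: document type that can carry macros or active content (.{last})")
    return findings


def triage_attachment(name, data):
    """Findings for an attachment given its file name and raw bytes.

    A .zip is opened in memory and every member name is classified, so an
    executable wrapped in an archive is reported without the archive ever
    being extracted.
    """
    findings = classify_name(name)
    if extensions(name)[-1:] == ["zip"] and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                for finding in classify_name(member):
                    findings.append(f"inside {name}: {finding}")
    return findings


def build_samples():
    """Constructed sample attachments. Contents are placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2017-11.pdf.exe", b"placeholder, not an executable")
        zf.writestr("readme.txt", b"plain text")
    return {
        "invoices.zip": buf.getvalue(),              # archive hiding a double-extension executable
        "invoice_scan.pdf": b"%PDF-1.4 placeholder",  # flagged for review, not blocked
        "invoice.docx": b"PK placeholder",            # nothing suspicious by name alone
    }


if __name__ == "__main__":
    for name, data in build_samples().items():
        result = triage_attachment(name, data)
        print(f"{name}: {'OK' if not result else 'REVIEW'}")
        for line in result:
            print("  -", line)
```

A name-based check like this is cheap and catches the lures the article describes, but it is only a first filter: a real mail gateway would also look at the file's actual format rather than its name, and an Office document that passes here still needs its macros kept disabled.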

What if a PC was infected?

Once a PC is infected, disconnect it from the network immediately (unplug the cable, switch off Wi-Fi), because the malware's next step is to encrypt every shared folder it can reach, including the ones on the servers. Then contact your local IT support and do not try to fix the problem yourself: rebooting, running cleanup tools or deleting files can make things worse and destroy the traces the responders need. Do not delete the ransom note; IT support will need it to identify what hit the PC.

Below is an example of how the desktop background looks once a PC is infected with one particular ransomware.

How to fix an infected PC and recover the files?

No anti-virus catches every ransomware: the attachment is a freshly built file each time and, as mentioned before, it hides inside a .zip or a document, so anti-virus is one layer of protection, not a guarantee. The only reliable way to recover encrypted files is from backups taken regularly. But a backup that sits on a share or server reachable from the infected PC is just another set of files for the malware to encrypt.

Thus, to be on the safe side, a second copy of the backup is required, kept offline. This copy must NOT stay connected to the network or to the PC: plug it in only while the backup job runs, and unplug it as soon as the job is over. Check that files can actually be restored from it before you rely on it.
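A backup that the malware has reached is easy to miss until the restore fails. As an added example (not from the original article), the Python below writes a backup copy together with a SHA-256 manifest and verifies the copy against that manifest before it is trusted: a file overwritten with ciphertext or renamed away no longer matches. The source files and the simulated tampering are constructed in a temporary folder.

```python
"""Write an offline backup copy with a hash manifest, then verify it (added example).

copy_with_manifest() copies a source tree and records a SHA-256 per file.
verify() re-hashes the copy and reports every file that is missing or whose
contents changed, which is exactly what a ransomware run over the backup
volume would produce. demo() builds a constructed scenario in a temp folder.
"""
import hashlib
import json
import os
import shutil
import tempfile

MANIFEST = ".manifest.json"


def sha256_file(path):
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def copy_with_manifest(src, dst):
    """Copy src into dst (dst must not exist yet) and write a manifest of hashes into dst."""
    shutil.copytree(src, dst)
    manifest = {}
    for root, _, files in os.walk(dst):
        for name in files:
            path = os.path.join(root, name)
            manifest[os.path.relpath(path, dst)] = sha256_file(path)
    with open(os.path.join(dst, MANIFEST), "w") as f:
        json.dump(manifest, f, indent=1, sort_keys=True)
    return manifest


def verify(dst):
    """Return {relative path: 'missing' | 'modified'}; an empty dict means the copy is intact."""
    with open(os.path.join(dst, MANIFEST)) as f:
        manifest = json.load(f)
    problems = {}
    for rel, digest in manifest.items():
        path = os.path.join(dst, rel)
        if not os.path.exists(path):
            problems[rel] = "missing"
        elif sha256_file(path) != digest:
            problems[rel] = "modified"
    return problems


def demo():
    """Constructed scenario: back up two files, verify, then simulate the malware reaching the copy."""
    work = tempfile.mkdtemp()
    try:
        src = os.path.join(work, "shared")
        os.makedirs(src)
        with open(os.path.join(src, "invoices.xlsx"), "wb") as f:
            f.write(b"constructed spreadsheet content")
        with open(os.path.join(src, "contract.docx"), "wb") as f:
            f.write(b"constructed document content")

        dst = os.path.join(work, "backup")
        copy_with_manifest(src, dst)
        clean = verify(dst)  # expected: {}

        # Simulate ransomware on the backup volume: one file overwritten with
        # ciphertext-like bytes, one file renamed away (so it is now missing).
        with open(os.path.join(dst, "invoices.xlsx"), "wb") as f:
            f.write(os.urandom(32))
        os.rename(os.path.join(dst, "contract.docx"), os.path.join(dst, "contract.docx.locked"))
        tampered = verify(dst)  # expected: invoices.xlsx modified, contract.docx missing
        return clean, tampered
    finally:
        shutil.rmtree(work)


if __name__ == "__main__":
    before, after = demo()
    print("fresh copy:", before or "intact")
    print("after tampering:", after)
```

Keep a copy of the manifest (or just its hash) somewhere other than the backup volume: malware that reaches the volume can encrypt the manifest along with the data, and a manifest that is missing or unreadable is itself a sign that the copy must not be trusted.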

Conclusion

  • Never hesitate to contact your local support when an email seems suspicious
  • Report suspicious emails as spam or phishing
  • Keep a second copy of the backup offline, away from the network
  • Stay on the safe side: don't open unexpected attachments
  • This way you will avoid seeing this:
