By now all of us have heard of the global ransomware attack. It has created a lot of confusions in the mind of computer users. Over 60,000 companies of more than 100 countries have become the victim of this malware. So how this ransomware works and what are the possible solutions……
What is Ransomware?
Ransomware is a malicious software that allows a hacker to restrict access to an individual’s or company’s vital information and then demands some form of payment (usually Bitcoins) to lift the restriction.
Â Here’s how encryption works, briefly:
The term ‘RANSOMWARE’ itself gives the idea of its nature. It is somehow related to some kind of ransom. Yes, exactly it is. It is a type of malware which gets into your computer and locks down all the files. Afterwards it seeks for money from the user in order to get access to the locked files. The recent ransomwares are smarter than ever. It just not only locks down the files rather it encrypts the files which makes it really impossible to crack open the locked files. As a result the users do not have any other way to regain access to their locked files but to pay the money and get the decryption code.
Meanwhile, a variety of messages and instructions â€“ often localized – are displayed on the userâ€™s home screen.
Infected users are instructed to pay a fee for the private key stored on their servers – without it, decryption is impossible. When the ransom is paid, decryption will start and a payment verification screen will be displayed. After decryption ends, the Cryptolocker files are deleted.
Note: Donâ€™t take hackersâ€™ word for it, paying the ransom does not guarantee that you can recover your files.
So how does it get into your computer..???
The easiest to get into someone’s computer is through attachments of spam emails or by entering into any unknown link. The extension of these files are different than the conventional files. Usually users turn off the file extensions, so they can not know what kind of file they are clicking on. The virus file pretends like a doc file or any other text file. But if you turn on the file extension of your computer you will see that the file extensions are different. As you click on the file all your data start encrypting and eventually asking you for ransom.
In case if you are interested these are the possible real extensions of ransomware files……( .ecc, .ezz, .exx, .zzz, .xyz, .aaa, .abc, .ccc, .vvv, .xxx, .ttt, .micro, .crypto, _crypt, .crinf, .r5a, .XRNT, .XTBL, .crypt, .R16M01D05, .pzdc, .good, .LOL!, .OMG!, .RDM, .RRK, .encryptedRSA, .crjoker, .EnCiPhErEd, .LeChiffre, .keybtc@inbox_com, .0x0, .bleep, .1999, .vault, .HA3, .toxcrypt, .magic, .SUPERCRYPT, .CTBL, .CTB2, .locky or 6-7 length extension consisting of random characters.)
How to recover a ransomware infected computer……..?
Well, for now there is no way to open the encrypted files. As I mentioned earlier you have to pay through bitcoins in order to get the decryption code.
Safety measures :
- Keep your Operating System up to date.
- Keep you Anti-Virus up to date.
- Create back up for the most important files either in a secured hard drive or in a secured cloud storage.
- Do not open any email attachments from unknown senders.
- Be careful while opening and downloading from any unknowing third party websites.
Stay safe………. 🙂