
*

Execute

  • *****
  • 388
  • +55/-0
  • Your friendly neighbourhood IT guy
Helpful Tips about Ransomware
« on: March 15, 2016, 09:26:53 am »
I decided to start a topic about useful tips on ransomware.

Things that can help you prevent such an infection that encrypts your files,
and things that can help if something unfortunate like that already happened.

Tip #1: If you see that ransomware is in the process of encrypting your files, shut down your PC as quickly as possible from the Power button.

Tougher ransomware viruses usually delete their key.dat file from your HDD/SSD,
that is used to encrypt your files, after the encryption process is 100% finished.

If you are successful and interrupt the encryption process, it is very likely that
you will still have the key.dat file with which you can decrypt ALL of your files.

Everybody is encouraged to contribute with tips that he/she knows about ransomware viruses. You can share ideas and thoughts too!

EDIT: It might be a good idea to keep a few files on your desktop - like documents and pictures with 1-2 different extensions (just in case).
« Last Edit: March 15, 2016, 01:38:24 pm by Execute »

*

sensadmin

  • ******
  • 16
  • +16/-0
Re: Helpful Tips about Ransomware
« Reply #1 on: March 16, 2016, 11:01:54 am »
Tip #2: Don't forget to BACKUP! Do regular backups of your important files! It is the best prevention method. Keep these files in 2 locations if you can as well!!!!

*

Execute

Re: Helpful Tips about Ransomware
« Reply #2 on: March 22, 2016, 10:43:39 am »
Yes, that is also a key note! Without backups there is almost absolutely no other way of recovering files after decryption.

And to keep this from being off-topic, I would suggest:

Tip#3: Do NOT format! In case you got your files decrypted now or in the past, and no matter if you removed the ransomware or not - never format your drives. There are cases where data recovery tools can recover some of the files. And there are specialists who deal with data recovery who could extract deleted files.
« Last Edit: March 22, 2016, 10:47:10 am by Execute »

*

Execute

Re: Helpful Tips about Ransomware
« Reply #3 on: March 23, 2016, 02:25:09 pm »
Tip#4: Keep everything updated! This includes your operating system, browsers and anti-malware program.
Also, if you still have Java and Adobe's Flash Player and intend to keep them installed, be sure to update them as well.
Update everything from its original source or through the programs themselves.

*

Execute

Re: Helpful Tips about Ransomware
« Reply #4 on: March 24, 2016, 10:06:56 am »
Tip#5: Reveal file extensions! By doing this you can see if a file is suspicious from its extension.
For example, you get an email which says it contains an important document.
You see the file name Important.doc - but it is actually Important.doc.exe. Never open such files!

To reveal extensions, follow the steps for each operating system:

For MAC users:

Step 1: Open a new Finder window
Step 2: From the Menu bar, go to Finder and select Preferences
Step 3: Click on the Advanced tab
Step 4: Tick the box Show all filename extensions

(If you want to hide file extensions, just untick the box).

For WINDOWS 10 users:

Step 1: Click Start and then click File Explorer
Step 2: Click the View tab in File Explorer and then click the Options button
(or open the drop down menu and click on Change folder and search options)
Step 3: Select the View tab at the top of Folder Options
Step 4: To see file extensions, untick Hide extensions for known file types
Step 5: To see hidden files and folders, tick Show hidden files, folders, and drives
Step 6: Click "OK" to save your changes

For WINDOWS 8 and 8.1 users:

Step 1: On the Start menu, begin typing "Control"
Step 2: When Control Panel is listed under Apps, click on it
Step 3: If you are in the Category View, open the drop down menu and select Large icons or Small icons
Step 4: Open Folder Options
Step 5: Click on the View tab at the top of the dialog box
Step 6: To see file extensions, untick Hide file extensions for known file types
Step 7: To see hidden files and folders, tick Show hidden files, folders, and drives
Step 8: Click "OK" to save your changes

For Windows 7, Vista, and XP users:

Step 1: Click the Start menu button and open the Control Panel

Step 2:
  • Windows 7: If you are in the Category View, open the drop down menu and select Large icons or Small icons
  • Windows Vista or Windows XP: Switch to the Classic View if you are not already in this view
Step 3: Open Folder Options (or Folder and View Options)
Step 4: Click on the View tab at the top of the dialog box
To see file extensions, uncheck Hide file extensions for known file types
To see hidden files and folders, select Show hidden files, folders, and drives
Step 5: Click "OK" to save your changes

« Last Edit: March 24, 2016, 11:39:50 am by Execute »
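
As an added example (not part of the original post), the double-extension check from Tip#5 can be automated over a download or attachment folder. The extension lists and the helper names `disguised_extension`, `shown_name` and `scan_tree` are assumptions made for this sketch, and `shown_name` only approximates what a file manager displays while extensions are hidden.

```python
import os

# Assumed lists for this example; extend them for your environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "ps1", "msi"}
DECOY_EXTS = {"doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "txt",
              "rtf", "jpg", "jpeg", "png", "gif", "zip"}

def disguised_extension(name):
    """Return (decoy, real) if name ends in <decoy>.<executable>, else None."""
    # Compare case-insensitively and ignore stray spaces or trailing dots.
    parts = [p.strip().lower() for p in name.rstrip(". ").split(".")]
    if (len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS
            and parts[-2] in DECOY_EXTS):
        return parts[-2], parts[-1]
    return None

def shown_name(name):
    """Approximate the name displayed while known extensions are hidden."""
    stem, ext = os.path.splitext(name)
    known = EXECUTABLE_EXTS | DECOY_EXTS
    return stem if ext[1:].lower() in known else name

def scan_tree(root):
    """Walk `root` and list (path, name as shown, real extension) per hit."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            found = disguised_extension(name)
            if found:
                hits.append((os.path.join(folder, name),
                             shown_name(name), found[1]))
    return hits

# Constructed sample names, not taken from a real incident.
SAMPLE = ["Important.doc", "Important.doc.exe", "report.v2.pdf",
          "INVOICE.PDF.SCR", "setup.exe"]

if __name__ == "__main__":
    for n in SAMPLE:
        print(f"{n!r:22} shown as {shown_name(n)!r:18} "
              f"disguised: {disguised_extension(n)}")
```

A plain `setup.exe` is deliberately not flagged: the check targets names that present a document type in front of an executable one, which is the case the tip describes.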

*

Execute

Re: Helpful Tips about Ransomware
« Reply #5 on: March 30, 2016, 02:53:43 pm »
Tip#6: Have security software installed!

Security software guarding against different kinds of malware is always a great choice and you probably already have one. But keep in mind that having a few security programs installed, each providing protection from a specific kind of malware, such as spyware, trojans and ransomware, is always a wise idea. Especially if they are compatible with each other.

There is also a new and interesting free tool you can try. It is BitDefender's Anti-Ransomware tool.
It protects against Locky, CTB-Locker and TeslaCrypt.

You can read more about it and download it, here: http://sensorstechforum.com/bitdefender-anti-ransomware-software-review/
« Last Edit: March 30, 2016, 02:55:58 pm by Execute »

*

Execute

Re: Helpful Tips about Ransomware
« Reply #6 on: April 04, 2016, 11:17:22 am »
Tip#7: Be very careful around emails!

You may have received, or may receive in the future, suspicious emails. Such emails may contain links, attachments and even phone numbers and emails.

Also, the email may look like an email of a person you have often communicated with. Sometimes, the sender's email address may be an exact copy of an email you have sent messages to. (Try sending an email back if you doubt it - most of the times the fake email disappears from the "Send To" box. Also, contact the person in another way - like calling him on the phone, to double check.)

Every little detail is done to make you curious or try to convince you to do an action. Mostly such spam/scam emails are targeted at your banking and credit card details, but there is an increasing trend for these emails to be an outlet for ransomware distribution.

Here are a few samples from real spam/scam emails:

Hello <Your name>,
/link/
Hope this helps,
<Initials of a name on one of the e-mail addresses you have communicated with>

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Valued Customer,

Please note that starting from April 09, 2016 we will be introducing new online banking authentication procedures in order to protect the private information of all online banking users.

You are required to confirm your online banking details with us as you will not be able to have access to your accounts until this has been done.
As you're already registered for online banking all you need to do is to confirm your online banking details.

Confirm your details /link/

Once you've completed this you'll be able to manage your money whenever you want, giving you more control of your finances.

Regards
Customer Service
Santander Alert Team

This message has been seen to be sent allegedly by The Halifax Team

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

I AM MR. DIOUF MOUKA FROM BURKINA FASO I HAVE A GENIUE
BUSINESS TRANSACTION OF 30MILLION U.S DOLLAS TO DO WITH YOU
IF YOU ARE INTERESTED SEND TO ME THE FOLLOWING INFORMATION
IMMEDIATELY.

YOUR FULL NAME......
YOUR OCCUPATION.....
YOUR AGE........
YOUR MARITAL STATUS.....
YOUR PHONE NUMBER.....
YOUR COUNTRY/NATIONALITY.....

AND REPLY TO THIS EMAIL ADDRESS diouf(.)mouka4**@gmail.com

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

YOU WON US$2,800,000.00 via WESTERN UNION.

Hello,

We are here to notify you that the sum of US$2,800,000.00 was generated and awarded to you by the United Arab Emirates, West Africa commission and the Western Union Foundation as one of the customers who uses Western Union in their business transaction.

So, contact the Western union Agent: Mr. Vincent Rex. His Tel: +226 6162 5519 E-mail :(westernunion@***est(.)com) he will issue to you how you will be receiving the funds you can also ask him to send to you a proof, the ownership certificate of the Funds. It is for you to be sure that the funds belong to you.

Yours Faithfully,
Samie Salam
Awards Coordinator United Arab Emirate Commission/WEST AFRICA AND Western Union Foundation, Congratulation Once again.

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

If you haven't made your 1st $2,725 online yet...
Here's Your Free Ticket...
Grab it With Both Hands NOW!
If your on a tight budget or just sick of spending
money on c**p that doesn't deliver results...
Here's a sustainable way to make money online...
You'll Love This!
I do.

Talk soon,
Scarlett

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Attn: Sir/Madam

We are offering a job position in our company. Casatex Textile Limited is employing individuals to work for the company as a Sales Representative/Payment Receiving Agent.
You don't need to have an Office and this certainly won't disturb any form of work, you have at the moment.

Salary: No basic salary, lucrative commissions structures. Average income range between $1000 - $3000 pm.
Position: Sales Representative/Payment processing Agent
Experience: None Required- We will guide you through.
Age Requirements: From 25yrs and Above
Schedule: 5+ hours/week. You choose your hours.
Please fill out the attached form and affix a copy of your passport and send back to us
Admission is free of charge.
Scam Warnings!!! : Do not pay for a job, Your job has to pay you, BEWARE of Scams.
 
In Trust and Good Faith,
Mrs. Mary Russell

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


BEWARE! As there probably are more well-written and more convincing emails out there!

*

Execute

Re: Helpful Tips about Ransomware
« Reply #7 on: April 05, 2016, 11:22:19 am »
Tip#8: Disable remote services and unused connections!

Disabling all remote services such as Remote Access to your computer, the Remote Desktop Protocol, as well as Remote Assistance is necessary in this day and age. It's a good way of preventing ransomware, and Trojan horses related to it, from spreading further onto your network or doing more harm to your PC.

Disabling any Network Connections that are not in use, including Bluetooth and Infrared ports, is another great way of stopping cyber criminals from exploiting them.


*

Execute

Re: Helpful Tips about Ransomware
« Reply #8 on: May 13, 2016, 11:12:10 am »
Tip#9: Install an Anti-Ransomware Tool!

Installing and enabling an Anti-Ransomware Tool will add an additional layer of Protection to your system!
Since different tools work in unique ways for them, you can run multiple such tools at the same time.

There are plenty of Free ones out there. Find out the Most Popular Free Anti-Ransomware Tools.

*

Execute

Re: Helpful Tips about Ransomware
« Reply #9 on: May 16, 2016, 10:57:43 am »
Tip#10: Disable the Shadow Volume Service (vssadmin.exe)

Ransomware can delete all shadow volume copies created on your system with a single command.
In order to prevent this, you can rename the service so the command is not executed, and you have an older backup of most of your files.

In case of a ransomware attack, you can revert the service's original name, so you can use the backup.


*

Execute

Re: Helpful Tips about Ransomware
« Reply #10 on: May 17, 2016, 09:55:24 am »
Tip#10: Keep your Firewall ON!

You should always keep your Firewall ON and running at all times! The more layers of protection you have - the better!
(The Firewall controls incoming and outgoing traffic, based on security rules, so it can stop other malware and even some hackers!)

*

Execute

Re: Helpful Tips about Ransomware
« Reply #11 on: July 11, 2016, 11:26:06 am »
Tip#11: Disable macros in Microsoft Office!

You should disable any macros from running in Microsoft Office - be it Word, Excel, Access, PowerPoint or other applications!
Macros can be executed with a malicious script and release the payload of many ransomware viruses.

To do that, simply:

Click the Microsoft Office Button, and then go to Access Options.
Click Trust Center, and select Trust Center Settings, and after that choose Macro Settings.
Choose the setting Disable all macros without notification (This option will disable macros, when it is applied.)

This is a good prevention tactic against ransomware which uses scripts hidden in Word documents and the like.
Even if you downloaded such a document, the ransomware wouldn't be able to run and do anything to your computer.

*

Execute

Re: Helpful Tips about Ransomware
« Reply #12 on: July 20, 2017, 10:36:14 am »
Another useful tip is to disable some ports on your Windows system, that are not really used unless you are some sort of power user, who uses the Common Internet File System (CIFS), Client/Server Communication and NetBIOS for some reason. The famous WannaCry ransomware (and later Petya.A) have both used these ports as entry points for injecting their malicious file into computer systems.
It would be only wise to close these ports as ransomware viruses in the future might utilize them as well to infect PCs.

Here's what you should do:

Open the Command Prompt (cmd.exe) with Administrator privileges.
Then type the following command lines into the box to disable the ports:

netsh advfirewall set allprofiles state on

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=445 name="Block_TCP-445"

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=135 name="Block_TCP-135"

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=138 name="Block_TCP-138"

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=139 name="Block_TCP-139"


At the end of each command, the CMD should say "Ok." and that is it! Stay safe!
« Last Edit: July 20, 2017, 10:38:25 am by Execute »
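
As an added example (not part of the original post), the rules created above can be audited afterwards by saving the output of `netsh advfirewall firewall show rule name=all` and checking that each port still has an enabled inbound TCP block rule. The function names and the sample dump are constructed for this sketch, and the parser assumes the English-language netsh field labels.

```python
import re

REQUIRED_TCP_PORTS = {135, 138, 139, 445}  # the ports blocked in the post above

def parse_rules(dump):
    """Turn 'netsh advfirewall firewall show rule name=all' text into dicts."""
    rules = []
    for line in dump.splitlines():
        m = re.match(r"([A-Za-z ]+?):\s*(.*)$", line.strip())
        if not m:
            continue  # dashed separators, blank lines, trailing "Ok."
        key, value = m.group(1), m.group(2).strip()
        if key == "Rule Name":
            rules.append({})
        if rules:
            rules[-1][key] = value
    return rules

def ports_of(spec):
    """Expand a LocalPort value such as '445', '135,139' or '135-139'."""
    ports = set()
    for item in spec.split(","):
        lo, _, hi = item.strip().partition("-")
        if lo.isdigit() and (hi.isdigit() or not hi):
            ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def unblocked_ports(dump, required=REQUIRED_TCP_PORTS):
    """Ports from `required` with no enabled inbound TCP block rule."""
    covered = set()
    for r in parse_rules(dump):
        if (r.get("Enabled"), r.get("Direction"), r.get("Action"),
                r.get("Protocol")) == ("Yes", "In", "Block", "TCP"):
            covered |= ports_of(r.get("LocalPort", ""))
    return sorted(set(required) - covered)

def _rule(name, port, enabled="Yes"):
    # Constructed sample in the English-language netsh layout (assumption).
    return (f"Rule Name:      {name}\n" + "-" * 40 + "\n"
            f"Enabled:        {enabled}\nDirection:      In\n"
            f"Protocol:       TCP\nLocalPort:      {port}\n"
            f"Edge traversal: No\nAction:         Block\n\n")

# One rule disabled and one never created, to show what the audit reports.
SAMPLE_DUMP = (_rule("Block_TCP-445", 445) + _rule("Block_TCP-135", 135, "No")
               + _rule("Block_TCP-139", 139) + "Ok.\n")

if __name__ == "__main__":
    print("No active block rule for TCP ports:", unblocked_ports(SAMPLE_DUMP))
```

The check only confirms that the rules exist and are enabled; it does not test whether a port is actually reachable from the network.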

*

Execute

Re: Helpful Tips about Ransomware
« Reply #13 on: April 02, 2018, 11:46:09 am »
Yet another tip that can help you with ransomware or malware prevention in general is by checking your emails.
What I mean is, to scan your emails and their attachments with the ZipeZip scanner.
Although it won't catch absolutely every threat, it will notify you about most and it is a good way to make sure your mail is clean.

In this ZipeZip Online Archiver Malware Scanner Guide you can learn exactly how to use it.
The best thing about it - it's free and does not require any registration!