These Ransomware FAQs Can Save You A Lot Of Money

Since ransomware is a growing menace, we have decided to put together a list of frequently asked questions that will help you better understand ransomware viruses and how to protect yourself from them. Not only will you learn more about ransom viruses, but you will also learn what options you have once your computer has been infected with ransomware. Let’s begin.

Q1: What Is Ransomware?

A: Ransomware is an ever-growing malware threat which may infect your computer and then encrypt your files with an encryption algorithm – a cipher that replaces the original contents of the files with its own symbols so that they can no longer be opened. Most ransomware viruses leave a ransom note asking users to pay a hefty fee to get their files back, usually in BitCoin, the biggest online cryptocurrency. An example of a ransom note is the picture below, set as a wallpaper by Cerber ransomware:

[Image: wallpaper with the ransom note set by Cerber 4.0 ransomware]

Q2: How much money do I have to pay once I am infected?

A: There are many different ransomware viruses out there, and once one has infected your computer, the payoff amount depends entirely on the cyber-criminals. While some hackers just joke and restore the files for free, others want small payments of 5 to 50 US dollars. The most notorious viruses usually demand a sum of approximately 500 US dollars, but there are even greedier ransomware viruses that demand thousands of dollars in BitCoin. Such greedy crypto-viruses usually attack institutions like hospitals and are not very widespread. The most likely outcome if you get hit is that you will be asked for a sum of approximately 100 to 500 US dollars.

Q3: How to Get Rid of a Ransomware Virus

A: Ransomware is just like any other cyber-threat out there – it usually enters your computer via a fake e-mail attachment and infects you via an up-to-date and very expensive exploit kit. The virus then drops malicious files in typical Windows folders, like other malware does, depending on where it is pre-programmed to drop the payload:

[Image: commonly used file names and folders]

The files may have different names, but they usually resemble legitimate Windows processes. In addition to dropping files, ransomware viruses also create various entries in the Windows registry for different purposes:

  • To make the ransom notes run on startup.
  • To change the wallpaper.
  • To set the file (module) responsible for encrypting data to run on Windows boot.
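The registry purposes listed above all boil down to autorun entries, so a quick way to check a PC for them is to audit the Run/RunOnce keys. The script below is an added example written for this article, not code from the original post or from any product it mentions. It applies three heuristics drawn from the text: a program with the name of a genuine Windows process but living outside the Windows directory, a document or script (the way a ransom note is shown at every logon) registered as an autorun, and a program located in a user-writable folder. The sample entries, the value names and the file names in them are constructed for illustration; on a Windows host `read_run_keys()` reads the live keys through the standard `winreg` module instead.

```python
import sys
from typing import List, Tuple

# Constructed sample of autorun entries, shaped like (value name, command) pairs read
# from the HKCU/HKLM ...\CurrentVersion\Run keys. The last two are made-up illustrations
# of what a ransomware drop looks like, not real malware names.
SAMPLE_RUN_ENTRIES: List[Tuple[str, str]] = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    ("svchost", r"C:\Users\alice\AppData\Roaming\svchost.exe"),
    ("ReadMe", r'"C:\Users\alice\Desktop\README_DECRYPT.hta"'),
]

# Folders a normal installer does not use for a logon-time program, but which
# malware writes to because no admin rights are needed there.
USER_WRITABLE_DIRS = (
    "\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\temp\\",
    "\\programdata\\", "\\users\\public\\", "\\desktop\\", "\\downloads\\",
)
# A document or script as an autorun is how a ransom note gets shown at every logon.
NOTE_LIKE_EXTENSIONS = (".txt", ".htm", ".html", ".hta", ".rtf", ".vbs", ".js", ".bat", ".cmd")
# Names of genuine Windows processes that droppers imitate; the real ones live under \Windows\.
WINDOWS_PROCESS_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "explorer.exe",
                         "winlogon.exe", "services.exe", "smss.exe", "conhost.exe"}


def command_target(command: str) -> str:
    """Return the program path from a Run-key command, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    parts = command.split()
    return parts[0] if parts else ""


def audit_run_entries(entries: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (value name, target path, reasons) for every entry that trips a heuristic."""
    findings = []
    for name, command in entries:
        target = command_target(command)
        low = target.lower().replace("%windir%", "c:\\windows").replace("%systemroot%", "c:\\windows")
        base = low.rsplit("\\", 1)[-1]
        reasons = []
        if base in WINDOWS_PROCESS_NAMES and "\\windows\\" not in low:
            reasons.append("Windows process name outside the Windows directory")
        if any(base.endswith(ext) for ext in NOTE_LIKE_EXTENSIONS):
            reasons.append("document or script launched at logon (ransom-note pattern)")
        if any(d in low for d in USER_WRITABLE_DIRS):
            reasons.append("program located in a user-writable folder")
        if reasons:
            findings.append((name, target, "; ".join(reasons)))
    return findings


def read_run_keys() -> List[Tuple[str, str]]:
    """Collect live Run/RunOnce entries; only does something on Windows, where winreg exists."""
    if sys.platform != "win32":
        return []
    import winreg
    entries = []
    for hive, hive_name in ((winreg.HKEY_CURRENT_USER, "HKCU"), (winreg.HKEY_LOCAL_MACHINE, "HKLM")):
        for sub in (r"Software\Microsoft\Windows\CurrentVersion\Run",
                    r"Software\Microsoft\Windows\CurrentVersion\RunOnce"):
            try:
                key = winreg.OpenKey(hive, sub)
            except OSError:
                continue
            index = 0
            while True:
                try:
                    value_name, data, _ = winreg.EnumValue(key, index)
                except OSError:
                    break  # no more values under this key
                entries.append((f"{hive_name}\\{sub}\\{value_name}", str(data)))
                index += 1
            winreg.CloseKey(key)
    return entries


if __name__ == "__main__":
    live = read_run_keys()
    for name, target, why in audit_run_entries(live or SAMPLE_RUN_ENTRIES):
        print(f"{name}: {target}  <- {why}")
```

The heuristics are deliberately narrow (AppData\Local as a whole is not flagged, because legitimate software such as OneDrive installs there), so a hit is a lead to inspect by hand rather than a verdict; a clean result also says nothing about the scheduled tasks and startup folder, which the same checks could be extended to.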

There are different removal methods for different ransomware viruses, but so far ransomware has been spotted to massively infect primarily two operating systems (although there are ransom viruses for other OS’s as well):

  • Android.
  • Windows.

We have prepared the following tutorials to help you learn how to remove ransomware from both your PC and your Android device:

Instructions for computers:

Manually delete ransomware from your computer

1. Boot Your PC In Safe Mode to isolate and remove ransomware files and objects
2. Find malicious files created by ransomware on your PC
3. Fix registry entries created by ransomware on your PC

Automatically remove ransomware by downloading an advanced anti-malware program

1. Remove ransomware with SpyHunter Anti-Malware Tool

Android Instructions:

1. Back up the data on your device
2. Hard-reset your device and remove ransomware

Q4: Can I recover the encrypted files without having to pay the ransom?

A: Whether you can restore all of your files varies greatly from case to case, but usually the answer is no. However, malware researchers have created decryptors for those ransomware viruses that have been cracked so far. This is why we have written instructions for all of the decryptors currently available for ransomware viruses. So far there are three parts, but expect more to be released on our blog very soon. Here are the decryption instructions:

Decrypt Files Encrypted by Ransomware Viruses PART 1
Decrypt Files Encrypted by Ransomware Viruses PART 2
Decrypt Files Encrypted by Ransomware Viruses PART 3

However, there are many dangerous and devastating ransomware viruses out there, such as Locky, Cerber3, Cerber “4.0” and of course the notorious CryptoWall, that have caused massive damage and still cannot be decrypted. Those and other viruses contain very well-structured and carefully coded payloads, which makes it very difficult for researchers to find a decryption solution while reverse engineering them.

There is no reason to get desperate, however, especially if you have backups enabled. Below are several alternative methods that can help you recover your files in some specific circumstances. We suggest you try them out if you are interested in attempting other solutions for data restoration. But bear in mind that you try these methods at your own risk, which is why we advise you to back up the encrypted files before attempting them. Here are the alternative techniques for Windows systems:

Alternative Ransomware File Restoring Instructions

Q5: How to Pay the Ransom?

A: It is strongly advisable NOT to pay the ransom, even if it is small, for several obvious reasons:

  • Paying the ransom may not get your files back.
  • The cyber-criminals may have broken the ransomware, and even if they restore the files, you may not get all of them back, because the encryption has to be tested before being tried out live.
  • You support the cyber-criminals, who can then purchase even more ransomware features, develop their virus further and spread it to cause more damage.
  • The malware may also steal your files, which could then be sold by the crooks to whoever pays most for them.
  • Ransomware viruses are no laughing matter, and instead of bringing your files back they may infect your computer with other malware as well as more ransomware viruses.

But if you want to pay the ransom despite our warnings, it can be done by creating a BitCoin wallet and trading real cash for BTC. There are many BTC trading platforms online, where you can transfer funds in multiple ways. Buying BitCoin directly with your credit card details or via PayPal is not yet a well-established method. However, you could use private sellers who will sell you BTC at their own rate for other cryptocurrencies or Amazon Gift Cards, even though this may be risky because there are a lot of scammers out there.

Q6: What Type of Files Are Encrypted?

A: Usually ransomware viruses encrypt files that are commonly used, like videos, documents, audio files, web files, files belonging to frequently used programs, images, etc. There are a great many file extensions, so ransomware usually focuses on the most widely used ones, for example:

“.PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV
CAD Files: .DWG .DXF
GIS Files: .GPX .KML .KMZ
.ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX .INI .PRF
Encoded Files: .HQX .MIM .UUE
.7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD .SDF .TAR .TAX2014 .TAX2015 .VCF .XML
Audio Files: .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA
Video Files: .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV
3D: .3DM .3DS .MAX .OBJ
.BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG” (Source: fileinfo.com)
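Because the list above mixes plain-text formats (.TXT, .CSV, .HTML, .SQL, .INI) with formats that are compressed by design (.ZIP, .JPG, .MP3, .DOCX), it also shows where the simplest sign of ransomware activity, described in Q1 as files whose contents have been replaced by cipher output, can and cannot be measured. The script below is an added example written for this article, not code from the original post. It computes the Shannon entropy of each file’s first 64 KB: a text-type file that scores close to 8 bits per byte is flagged as probably encrypted, while compressed formats are reported as unscorable because they are high-entropy whether or not they have been touched. The extension groupings, the 7.0 threshold and the demo files are assumptions made for the example.

```python
import math
import random
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, List, Tuple

# Extensions from the list above whose normal contents are text or markup, so a body
# that looks like random bytes is a strong hint that the file has been encrypted.
TEXT_LIKE = {
    ".txt", ".csv", ".log", ".ini", ".cfg", ".htm", ".html", ".xhtml", ".xml", ".rss",
    ".js", ".css", ".sql", ".rtf", ".tex", ".svg", ".bat", ".cgi", ".php", ".jsp",
    ".asp", ".aspx", ".ps", ".eps", ".m3u", ".srt", ".gpx", ".kml", ".vcf",
}
# Formats that are compressed by design; their entropy is high whether or not they
# have been touched, so this check says nothing about them.
ALREADY_COMPRESSED = {
    ".zip", ".zipx", ".7z", ".rar", ".gz", ".cbr", ".deb", ".rpm", ".pkg", ".sitx",
    ".jpg", ".png", ".gif", ".mp3", ".m4a", ".wma", ".mp4", ".m4v", ".mov", ".avi",
    ".flv", ".wmv", ".3gp", ".3g2", ".docx", ".xlsx", ".pptx", ".odt", ".apk", ".jar",
}
ENTROPY_THRESHOLD = 7.0  # bits per byte; ordinary text sits roughly between 4 and 6


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in Counter(data).values())


def classify_file(path: Path, sample_size: int = 65536) -> Tuple[str, float]:
    """Score the first sample_size bytes of a file and return (verdict, entropy)."""
    ext = path.suffix.lower()
    with path.open("rb") as fh:
        entropy = shannon_entropy(fh.read(sample_size))
    if ext in ALREADY_COMPRESSED:
        return "unscorable", entropy
    if ext in TEXT_LIKE and entropy >= ENTROPY_THRESHOLD:
        return "suspicious", entropy
    return "normal", entropy


def scan_tree(root: Path) -> Dict[str, List[str]]:
    """Walk root and bucket every regular file by verdict (relative paths, sorted)."""
    report: Dict[str, List[str]] = {"suspicious": [], "normal": [], "unscorable": []}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            verdict, _ = classify_file(p)
            report[verdict].append(p.relative_to(root).as_posix())
    return report


def build_demo_tree(root: Path) -> None:
    """Constructed sample: an intact text file, a text file whose body has been replaced
    by random bytes (what an encrypted file looks like to this check), and an archive."""
    rng = random.Random(1)  # fixed seed so the demo is reproducible
    (root / "notes.txt").write_bytes(b"Quarterly report draft, section one.\n" * 200)
    (root / "invoice.txt").write_bytes(bytes(rng.randrange(256) for _ in range(8192)))
    (root / "photos.zip").write_bytes(bytes(rng.randrange(256) for _ in range(8192)))


def run_demo() -> Dict[str, List[str]]:
    """Build the sample tree in a temporary folder and return the scan report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_demo_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    for verdict, files in run_demo().items():
        print(f"{verdict}: {files}")
```

Run against a real folder with `scan_tree(Path("C:/Users/alice/Documents"))`; a burst of "suspicious" results across many text-type files in a short time is the pattern worth alerting on, while a single high-entropy .txt may simply be a file that was stored in an unusual encoding.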

Q7: How to Protect Myself?

A: There are several general principles that, combined into a system, will significantly increase your protection against ransomware.

Principle 1:

Safely store your files. To learn more about how to store your data and protect it from ransomware even if it infects your computer, please read the following article:

Safely Store Your Important Files and Protect Them from Malware
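A backup only protects you if you can tell that the copy is still intact, which is the same need Q4 raises when it advises backing up the encrypted files before any recovery attempt. The script below is an added example written for this article, not code from the original post or the linked article. It copies a folder, writes a SHA-256 manifest beside the copy, marks the copied files read-only, and later verifies either the backup or the live folder against that manifest, so a file that ransomware has overwritten (or a restore that went wrong) shows up as "modified". The folder names, file contents and the stand-in ciphertext in `run_demo()` are constructed for the example.

```python
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_of(path: Path) -> str:
    """Hex SHA-256 of a file, read in 1 MB chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map every regular file below root (relative, '/'-separated) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(root: Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare a tree against a saved manifest. 'modified' is the bucket an encrypted
    file lands in; 'missing' and 'unexpected' catch deletions and dropped extras."""
    result: Dict[str, List[str]] = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, digest in manifest.items():
        p = root / rel
        if not p.is_file():
            result["missing"].append(rel)
        elif sha256_of(p) != digest:
            result["modified"].append(rel)
        else:
            result["ok"].append(rel)
    result["unexpected"] = [rel for rel in build_manifest(root) if rel not in manifest]
    return result


def copy_and_seal(source: Path, destination: Path) -> Path:
    """Copy source into destination, save <destination>.manifest.json next to it and make
    the copied files read-only (a speed bump against later overwrites, not a guarantee)."""
    shutil.copytree(source, destination)
    manifest = build_manifest(destination)
    manifest_path = destination.with_name(destination.name + ".manifest.json")
    manifest_path.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    for p in destination.rglob("*"):
        if p.is_file():
            os.chmod(p, 0o444)
    return manifest_path


def run_demo() -> Dict[str, Dict[str, List[str]]]:
    """Constructed scenario: seal a backup, overwrite one live file with stand-in
    ciphertext, then verify both the backup and the live folder."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "documents"
        live.mkdir()
        (live / "thesis.txt").write_text("Chapter one. It was a dark and stormy night.\n")
        (live / "budget.csv").write_text("item,cost\npen,1\n")
        manifest_path = copy_and_seal(live, Path(tmp) / "backup")
        manifest = json.loads(manifest_path.read_text())
        # Stand-in for ransomware replacing the live file's contents with cipher output.
        (live / "thesis.txt").write_bytes(b"\x00\xff\x8f\x1c" * 128)
        return {"backup": verify_manifest(Path(tmp) / "backup", manifest),
                "live": verify_manifest(live, manifest)}


if __name__ == "__main__":
    for tree, outcome in run_demo().items():
        print(tree, json.dumps(outcome))
```

Keep the manifest with the backup on a medium that the infected PC cannot write to (an unplugged drive or a versioned cloud folder), since a backup that stays mounted is just another folder for the ransomware to encrypt; the verification step is what tells you whether the copy you are about to restore from is the clean one.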

Principle 2:

Change your browsing and e-mailing habits. Be on the lookout for suspicious e-mail attachments and web links, especially those hiding behind fake LinkedIn or other buttons. Bear in mind that before downloading anything, it is now possible to inspect it with security browser extensions, like the VirusTotal extension, for example, which is completely free and should detect a virus on the spot. Also make sure that you educate all of the users on your network, because some worms that infect networks may download ransomware onto multiple computers on the network and activate it simultaneously.

Principle 3:

Get an advanced anti-malware program that is professional rather than mass-market. Most anti-malware programs are advanced and do the job, but exploit kits and malware obfuscators are pre-programmed to bypass the real-time protection of exactly the well-known antivirus software. This is why one simple solution is to find an advanced anti-malware program that is not so famous.


It is highly recommended to run a scan before purchasing the full version of the software to make sure that the current version of the malware can be detected by SpyHunter.

Principle 4:

Get a ransomware protection program. Most anti-malware and antivirus tools now have anti-ransomware features, but a separate program dedicated to exactly this is a very good solution against most ransomware threats nowadays. Used in combination with an anti-malware program, it will significantly improve the defense of a PC.

Q8: Can having a MacBook or iPhone Protect Me?

A: Unfortunately no. Although Mac OS is much more secure, primarily because less malware is written for it, the trend with ransomware is in the opposite direction: according to experts, more and more ransomware viruses will be written for Apple devices. The future of Mac OS ransomware will be primarily connected with files on iCloud, and Mac users should beware. Not only that, but there are already lockers for iPhones which are very difficult to remove, suggesting that iPhone ransomware is not far off.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with a passion for discovering new shifts and innovations in cyber security. A strong believer in basic online-safety education for every user.
