What to do when contamination from ransomware?

Tech May 3, 2016 10:49

The Buma/Stemra virus was the first virus in the ransomware category to gain notoriety in the Netherlands. This virus displays a message that cannot easily be removed. In severe cases, ransomware can even make your personal files unreachable. How do you deal with such an infection?

Of course it was not Buma/Stemra itself that came with the fine. In fact, this party is not authorized to hand out fines, and no one is authorized to simply lock your system, for whatever reason. But that people believed it is not very surprising: the warning screen (which is not easy to click away) uses real logos and pompous, official-sounding language that on average contains fewer grammatical mistakes than a phishing email.

Variants also appeared posing as traffic fines, the Ministry of Justice and even the FBI and CIA. All of them had a clear motive: bring in money through a payment that cannot be traced. Were you relieved after paying? No. In most cases the virus disappeared into the background of your PC, only to come back a few weeks later and harass you for payment again.

Even for a shadowy party like Buma/Stemra, fining music listeners is a bridge too far. In fact, they are not allowed to.

Luckily the Buma/Stemra virus was fairly innocent. Virus scanners could easily make short work of the lock and remove the malware completely, without a penny being paid to the criminals. But this type of virus turned out to be very lucrative, and a cat-and-mouse game began between the virus writers and the security industry. Meanwhile, ransomware, which locks your computer, evolved into crypto malware, which encrypts your important files (hence the name). You get the decryption key only after you have paid (they say). In mid-2014 this form of malware struck on a large scale for the first time: CryptoLocker.

This malware for Windows encrypted files and demanded a ransom in the form of Bitcoin. The decryption key was stored on the criminals' servers, and if that was not bad enough, the payment had to be made within a short deadline, otherwise the key was deleted.

An infection with ransomware is frustrating, but an infection with crypto malware can be a nightmare, especially if you have no backup. As in many cases, prevention is better than cure. But what can you do if the damage has already been done?

Pay, or you lose your files.

TorrentLocker struck hard with a forged e-mail containing a link to a supposed track-and-trace page of the postal service.

We asked security experts Righard Zwienenberg (ESET) and Eddy Willems (G DATA) how best to act when your system has been made inaccessible by ransomware or crypto malware. On the question of whether it is wise to pay if you really want access to your system again or want your files decrypted, both experts were particularly clear: do not pay! Not only because of the aforementioned reason that your system (probably) remains infected, but Willems also touched on another point: "The chance that you actually receive the decryption key is small. In most cases there is not even a way to decrypt."

No decryption key basically means that your system or files are virtually unrecoverable, unless a brilliant cryptographer at a security company manages to produce a decryption key. How do you respond to an infection? "The moment you notice that you are infected by some form of ransomware (most ransomware reports this to the user immediately), the files are still being taken hostage in the background," says Zwienenberg. "Before the ransomware is removed, do not try to restore a backup, for example from an external hard drive, as the ransomware can then take the backup hostage as well. It is of course not wise to keep a backup permanently connected to a system; that makes it very easy for ransomware or other malware."

Many people also use their cloud storage for backups. He adds: "First write down the Bitcoin wallet address you are asked to pay to (this is the only clue there is to the criminals). Then disconnect your PC from the network and the Internet, so that the malware has no chance to infect other devices on the network or to affect files in the cloud."

By acting quickly you can thus limit the damage. According to Zwienenberg, in most cases you as a user are notified of the infection right away, while the crypto malware keeps encrypting more and more files in the background. Another step you can take is to start your PC from a recovery CD or USB stick. It is therefore advisable to always keep such a bootable CD or stick at hand. Most antivirus companies (such as Kaspersky, Bitdefender, G DATA and ESET) offer one for free. Once you have booted from it, you can scan your computer and remove the malware before it encrypts more files. When you boot from a bootable USB stick, the infected Windows installation does not start, so the malware cannot encrypt anything further and you can possibly secure the files that have not yet been affected. Unfortunately, recovering files that are already encrypted is almost impossible, Willems and Zwienenberg agree.

It is such a cliché, but prevention is better than cure when it comes to a hijacked system. Firstly, it is important that you have a good, current backup (preferably more than one). That can be on an external drive, but always disconnect the drive after making the backup, and always make sure that the system is (again) free of malware before you reconnect the disk. Never trust a backup on an internal disk or partition.

If you have no privacy concerns, a backup in the cloud (e.g. OneDrive, Dropbox or Google Drive) will do. Note, however, that if you install a client for cloud storage, it synchronizes the files in the local folder with your cloud storage. So in the event of an infection, the cloud storage software overwrites the files online with the locally infected files. A NAS is a safe storage location, but make sure its software is always up to date. There has been a form of crypto malware in circulation that specifically infected Synology NAS devices through a security hole, which Synology quickly patched. A handy free tool for managing your backups is EASEUS Todo Backup; on our site you can read exactly how to use this program.
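A backup that the malware can reach, or that a sync client silently overwrites, is no backup, which is the point of the two paragraphs above. The script below is an added Python example (not part of the article, and not a feature of any tool named in it) of versioned backups: every run copies the source tree into a fresh snapshot directory that is never reused and records a SHA-256 manifest, so a later verification pass can tell whether files in an old snapshot have been altered, for instance because an infected system encrypted them. The `demo()` function builds a small sample tree in a temporary directory; its file names and contents are constructed.

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone
from typing import Dict, List, Optional


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(src: str, dest_root: str, label: Optional[str] = None) -> str:
    """Copy src into dest_root/<label>/data and write a hash manifest.

    A snapshot directory is never reused: an existing one raises instead of
    being overwritten, which is exactly what a sync client would not do."""
    label = label or datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    snap_dir = os.path.join(dest_root, label)
    if os.path.exists(snap_dir):
        raise FileExistsError(f"refusing to overwrite existing snapshot {snap_dir}")
    data_dir = os.path.join(snap_dir, "data")
    shutil.copytree(src, data_dir)
    manifest: Dict[str, str] = {}
    for root, _, files in os.walk(data_dir):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, data_dir).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    with open(os.path.join(snap_dir, "manifest.json"), "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return snap_dir


def verify(snap_dir: str) -> Dict[str, List[str]]:
    """Re-hash a snapshot and report modified, missing and unexpected files."""
    with open(os.path.join(snap_dir, "manifest.json")) as f:
        manifest = json.load(f)
    data_dir = os.path.join(snap_dir, "data")
    modified, unexpected, present = [], [], set()
    for root, _, files in os.walk(data_dir):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, data_dir).replace(os.sep, "/")
            present.add(rel)
            if rel not in manifest:
                unexpected.append(rel)
            elif sha256_file(full) != manifest[rel]:
                modified.append(rel)
    return {
        "modified": sorted(modified),
        "missing": sorted(set(manifest) - present),
        "unexpected": sorted(unexpected),
    }


def demo() -> Dict[str, object]:
    """Constructed walk-through: back up a tiny tree, verify it, then simulate a
    reachable snapshot being damaged (one file rewritten, one deleted) and verify again."""
    work = tempfile.mkdtemp(prefix="snapshot-demo-")
    src = os.path.join(work, "documents")
    os.makedirs(os.path.join(src, "letters"))
    with open(os.path.join(src, "budget.csv"), "w") as f:
        f.write("item,amount\nrent,900\n")
    with open(os.path.join(src, "letters", "landlord.txt"), "w") as f:
        f.write("Dear landlord,\n")
    backups = os.path.join(work, "backups")
    snap = snapshot(src, backups, label="snap-001")
    clean = verify(snap)
    # Simulate what crypto malware does to a backup it can reach.
    with open(os.path.join(snap, "data", "budget.csv"), "wb") as f:
        f.write(b"\x8f\x13\xa0\x77garbled")
    os.remove(os.path.join(snap, "data", "letters", "landlord.txt"))
    tampered = verify(snap)
    try:
        snapshot(src, backups, label="snap-001")
        reuse_refused = False
    except FileExistsError:
        reuse_refused = True
    shutil.rmtree(work)
    return {"clean": clean, "tampered": tampered, "reuse_refused": reuse_refused}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run `verify` on an old snapshot before you trust it for a restore, and keep the drive that holds the snapshots disconnected between runs; the manifest only tells you the copy changed, not who changed it.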

Also make sure you have antivirus software on your system. Not only is antivirus software capable of removing malware, virus scanners also include a heuristic scanner that intervenes preventively on suspicious behaviour, such as files in My Documents being overwritten with random-looking zeros and ones. Windows 8 and Windows 10 systems are already protected by the free Windows Defender. But because this virus scanner earned only mediocre scores in tests, we suggest an alternative virus scanner. This can be paid software, but a free scanner is also sufficient. We recently conducted a comparative test of free virus scanners to help you choose the best one; that test can be found here.
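The heuristic described above (a user's documents being overwritten with random-looking data) can be approximated with a byte-entropy check. The following Python is an added example, not the article's or any vendor's detection logic: it scores file contents by Shannon entropy, skips file types that are legitimately near-random (compressed or already-encrypted formats, which is the main false-positive source for this heuristic), and flags a burst of high-entropy rewrites inside a short time window. The sample files and the pseudo-random "ciphertext" (SHA-256 run in counter mode) are constructed for the example; the threshold and window values are assumptions, not tuned figures.

```python
import hashlib
import math
import os
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Formats that are compressed or encrypted by design and therefore look random
# even when perfectly healthy; entropy alone must not flag them.
HIGH_ENTROPY_BY_DESIGN = {".zip", ".7z", ".gz", ".rar", ".jpg", ".jpeg", ".png",
                          ".mp3", ".mp4", ".pdf", ".docx", ".xlsx"}

# Assumed threshold: plain documents sit well below 7 bits/byte, ciphertext near 8.
DEFAULT_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, in the range 0.0 .. 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(name: str, data: bytes, threshold: float = DEFAULT_THRESHOLD) -> bool:
    """True when a file that should be readable has near-random contents."""
    ext = os.path.splitext(name)[1].lower()
    if ext in HIGH_ENTROPY_BY_DESIGN:
        return False
    return shannon_entropy(data) >= threshold


def flag_suspicious(files: Dict[str, bytes], threshold: float = DEFAULT_THRESHOLD) -> List[str]:
    """Names of files whose contents look encrypted, sorted for stable output."""
    return sorted(n for n, d in files.items() if looks_encrypted(n, d, threshold))


def rewrite_burst(events: Iterable[Tuple[float, str, bytes]], window_seconds: float = 60.0,
                  min_count: int = 5, threshold: float = DEFAULT_THRESHOLD) -> bool:
    """events: (unix_time, filename, new_contents) write events, in any order.
    True when at least min_count suspicious rewrites fall inside one window,
    the pattern crypto malware produces while it works through a folder."""
    times = sorted(t for t, n, d in events if looks_encrypted(n, d, threshold))
    start = 0
    for end in range(len(times)):
        while times[end] - times[start] > window_seconds:
            start += 1
        if end - start + 1 >= min_count:
            return True
    return False


def pseudo_random_bytes(seed: bytes, length: int) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 run in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


# Constructed sample folder: two plain-text files, one "encrypted" file with a
# renamed extension, and a JPEG-named file that is random but legitimately so.
SAMPLE_FILES: Dict[str, bytes] = {
    "notes.txt": b"Quarterly budget notes: rent, utilities, groceries.\n" * 100,
    "readme.txt": b"Read me first.\n" * 100,
    "budget.csv.locked": pseudo_random_bytes(b"constructed ciphertext", 8192),
    "photo.jpg": pseudo_random_bytes(b"constructed photo", 8192),
}

# Constructed write events: six documents rewritten with random data within 10 s.
SAMPLE_BURST = [(1000.0 + i, f"doc{i}.txt", pseudo_random_bytes(bytes([i]), 4096))
                for i in range(6)]


if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(f"{name:20s} {shannon_entropy(data):.2f} bits/byte")
    print("suspicious:", flag_suspicious(SAMPLE_FILES))
    print("burst:", rewrite_burst(SAMPLE_BURST))
```

A real product would hook file writes and act on the burst before it completes; this version is useful for checking a folder or a backup after the fact, and the extension allowlist shows why a raw entropy score is not enough on its own.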

Most crypto malware infections occur through security holes in software such as Java, Silverlight or Flash. If you do not (or no longer) use this type of software, it is recommended to remove it anyway. In any case, make sure your software is up to date. Always install updates, and of course do not forget Windows Update. Optionally, you can check with a free tool like Secunia Personal Software Inspector whether your software is up to date.

Keep all the programs up-to-date.

Malwarebytes recently released a tool that specifically protects against ransomware and crypto malware. When the program detects suspicious activity, such as locking programs or the use of encryption, it intervenes. Malwarebytes Anti-Ransomware is still in beta, but it can be tried out for free. The tool is, moreover, no substitute for antivirus software.

An extra lock on the door.

Data from research into ransomware and crypto malware by the National Cyber Security Centre.

While prevention is always better than cure, you can never be entirely sure that your system will not be infected with ransomware, just as with other viruses. Your system can be cured, but there is only a very slight chance that encrypted files can be recovered. We cannot stress enough the importance of a good backup. If you have no backup, it is still necessary to resist the temptation to pay, but your options are limited. A bootable USB stick or CD offers a small chance. Reporting the crime and sharing the Bitcoin wallet address cannot hurt, but will likely do little. Zwienenberg adds: "Contact your antivirus vendor. In many cases the system can be made accessible again via a detour, and the files recovered. The support department of your security suite's vendor can help you."

Also make sure your NAS up-to-date.
