How to prevent infection by ransomware, the malware that deletes files and demands a fee for decryption

Directly targeting users with a view to extracting large sums of money, ransomware is one of the most dangerous forms of malware and presents major challenges for antivirus manufacturers, who are forced to resort to aggressive methods to ensure that users are not affected. Unfortunately, no matter how good the antivirus program used, recovery of all the files compromised by a ransomware infection is not guaranteed; prevention is the only truly effective form of protection.

A type of malware able to delete the collection of photos and documents in the device's storage, leaving behind encrypted versions that can be opened only with an access key, ransomware is the digital version of a robbery with hostages.

The first forms of ransomware resorted to relatively rudimentary methods, encrypting files with keys that were relatively easy for antivirus manufacturers to recover; the manufacturers provided disinfection tools able to recover the locked files in full. The same cannot be said of more sophisticated versions (e.g. Cryptowall), which generate unique encryption keys for each infected device and send them to a collection server in the attackers' possession. In most cases, files encrypted in this way cannot be recovered, and the damage to affected users and companies is considerable.

Depending on the version, this form of malware can be spread by exploiting vulnerabilities in the web browser, triggered by visiting a compromised website or by accidentally installing an extension or plugin offered while visiting a website. Another, less well-known way of automatically running file-encrypting malware on victims' computers is to attach infected files to convincingly worded email messages, sometimes customized for the target. This is the preferred method of Cryptowall, an advanced version of Cryptolocker, which encrypts documents on infected computers and then demands money from the user in exchange for the decryption key. The infected file attached to the email uses the .chm extension, associated with the compiled HTML format, a seemingly harmless file type normally used to deliver manuals alongside software. In fact, these files are interactive and run a range of technologies, including JavaScript, and are able to redirect the user to an external address. Simply opening the .chm file makes it carry out various actions on its own, ending in infection.

Relatively new, Trojan.DownLoad3.35539 (a CTB-Locker variant) is spread through email, as an attachment in a ZIP archive containing a file with the SCR extension. If the file is opened, the infected program extracts an RTF document to the hard disk and shows it on screen. Meanwhile, in the background, the encryption software is downloaded from a server under the attackers' control. Once decompressed and activated, it proceeds to scan storage devices in search of the user's personal documents, which it takes hostage, replacing the originals with encrypted versions. Once its mission is accomplished, the user is notified by a message that a ransom payment must be made.
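The two delivery routes described above (a .chm attachment, and a ZIP archive hiding an .scr file) can be screened for at the mail gateway or mailbox. The following is an added example, not code from the article or from Bitdefender; the function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumption: .chm and .scr are the carriers the article names; .exe is the
# type its Software Restriction Policy rules block. Extend as needed.
RISKY_EXTENSIONS = {".chm", ".scr", ".exe"}

def risky_name(name):
    """True if the last extension is risky; catches 'invoice.pdf.SCR' too."""
    return PurePosixPath(name.replace("\\", "/")).suffix.lower() in RISKY_EXTENSIONS

def scan_message(raw_bytes):
    """Return sorted findings: 'attachment' or 'archive!member' strings."""
    findings = []
    for part in message_from_bytes(raw_bytes).walk():
        name = part.get_filename()
        if not name:
            continue  # body text or multipart container, not an attachment
        if risky_name(name):
            findings.append(name)
        payload = part.get_payload(decode=True) or b""
        # Look inside ZIP attachments; member names are readable even when
        # the archive contents are password-protected.
        if zipfile.is_zipfile(io.BytesIO(payload)):
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                for member in archive.namelist():
                    if risky_name(member):
                        findings.append(f"{name}!{member}")
    return sorted(findings)

def build_sample():
    """Constructed sample mail: ZIP with an .scr member, a .chm and a PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("invoice.pdf.SCR", b"constructed placeholder bytes")
        archive.writestr("readme.txt", b"harmless")
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"placeholder", maintype="application", subtype="octet-stream", filename="manual.chm")
    msg.add_attachment(b"%PDF-", maintype="application", subtype="pdf", filename="report.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print("flag:", finding)
```

Archives nested inside other archives are not unpacked here; a gateway rule would normally quarantine those or recurse with a depth limit.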

How do you prevent infection by Cryptowall and other similar forms of ransomware?

According to Bitdefender experts, regular users and system administrators can reduce the risk of infection, and the damage it causes, by following some basic rules:

  • Use a computer security solution that is constantly updated and capable of active scanning.
  • Schedule backups of files to one or more external hard drives that do not remain permanently connected to the PC or the local network, or use a cloud storage service.
  • Avoid visiting unknown websites, do not follow links or open files attached to email messages of uncertain origin, and do not give out personal information in public chats or forums. Sometimes messages with infected attachments may arrive even from known addresses, if the PC at the other end has been compromised or the email address has been spoofed in the Sender field.
  • Implement or enable an ad-blocking solution and an antispam filter.
  • Use a web browser with virtualization support, or completely disable playback of Flash content.
  • Employers should train their employees to identify social engineering attempts and phishing carried out through email messages.

Also, system administrators must strengthen group policies to block execution of the virus from specific locations. This can be done on Windows Professional or Windows Server editions. The Software Restriction Policies option is found in the Local Security Policy editor. After clicking New Software Restriction Policies, the following Path Rules are added under Additional Rules with the security level "Disallowed":

  • "%username%\AppData\Roaming\*.exe"
  • "%AppData%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe"
  • C:\<random>\<random>*.exe
  • "%Temp%\*.exe"
  • "%Userprofile%\Start Menu\Programs\Startup\*.exe"
  • "%Userprofile%\*.exe"
  • "%username%\AppData\*.exe"
  • "%username%\AppData\Local\*.exe"
  • "%Username%\Application Data\*.exe"
  • "%Username%\Application Data\Microsoft\*.exe"
  • "%Username%\Local Settings\Application Data\*.exe"

Using these mechanisms should limit or block Cryptowall, but for more protection Bitdefender proposes Cryptowall Immunizer. Acting as an additional protective mechanism that works in parallel with a permanently active antivirus, the tool allows users to immunize computers and block any file encryption attempt before it takes place.

About the author

crys