How to prevent infection with ransomware, the malware that deletes your files and demands a fee for decryption

Directly targeting users with the aim of extracting large sums of money, ransomware is one of the most dangerous forms of malware and poses major challenges for antivirus vendors, who are forced to resort to aggressive methods to ensure that users are not affected. Unfortunately, no matter how good the antivirus program is, recovery of all files compromised by a ransomware infection is not guaranteed. Prevention is the only truly effective way of staying protected.

A type of malware able to delete the collection of photos and documents in the device's storage, leaving behind encrypted versions that can be opened only with an access key, ransomware is the digital version of a hostage-taking robbery.

The first forms of ransomware resorted to relatively rudimentary methods, encrypting users' files with encryption keys that were relatively easy for antivirus vendors to recover; the vendors then provided disinfection tools able to restore the locked files. The same cannot be said of more sophisticated versions (e.g. Cryptowall), which generate unique encryption keys for each infected device and send them to a collection server in the attackers' possession. In most cases, files encrypted this way cannot be recovered, and the damage to affected users and companies is considerable.

Depending on the version, this form of malware can spread by exploiting vulnerabilities in the web browser, triggered by visiting a compromised website, or through the accidental installation of an extension or plugin component offered while visiting a website. Another, lesser-known way of getting encrypting viruses to run automatically on victims' computers is attaching infected files to convincingly worded email messages, sometimes customized to the target. This is the preferred method of Cryptowall, an advanced version of Cryptolocker, which encrypts documents on infected computers and then demands money from the user in exchange for the decryption key. The infected file attached to the email uses the .chm extension, associated with the compiled HTML format, a seemingly harmless file type normally used to deliver manuals and software. In fact, these files are interactive and run a range of technologies, including JavaScript, and are able to redirect the user to an external address. Simply opening the .chm file causes it to carry out various actions on its own, ultimately resulting in infection.

Relatively new, Trojan.DownLoad3.35539 (a CTB-Locker variant) spreads by email, as an attachment in a ZIP archive containing a file with the SCR extension. If the file is opened, the infected program extracts an RTF document to the hard disk and displays it on screen. Meanwhile, in the background, the encryption program is downloaded from a server under the attackers' control. Once decompressed and activated, it scans storage devices for the user's personal documents, which it seizes, replacing the originals with encrypted versions. After the job is complete, the user is notified by a message that he must pay a ransom to get the personal data back.

How do you prevent infection with Cryptowall and other similar forms of ransomware?

According to BitDefender's experts, regular users and system administrators can considerably reduce the risk of infection, as well as the damage it causes, by following a few basic rules:

  • Use a constantly updated computer security solution capable of active scanning.
  • Schedule backups of files to one or more external hard disks that do not remain permanently connected to the PC or the local network, or use a cloud storage service.
  • Avoid visiting unknown websites, do not open links or files included as attachments in email messages of uncertain origin, and do not provide personal information in public chats or forums. Messages with infected attachments can sometimes arrive even from known addresses, if the PC at the other end has been compromised or the email address has been fraudulently placed in the Sender field.
  • Implement or enable an ad-blocking solution and an antispam filter.
  • Use a web browser with virtualization support, or completely disable support for playback of Flash content.
  • Employers should train their employees to identify social engineering attempts and phishing carried out through email messages.
At the same time, system administrators need to strengthen group policies to block execution of the virus from specific locations. This can be done on Windows Professional or Windows Server editions. The Software Restriction Policies option can be found in the Local Security Policy editor. After clicking the New Software Restriction Policies button, add the following Path Rules under Additional Rules, with the "Disallowed" security level:

"%username%\Appdata\Roaming\*.exe"
"%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe"
C:\<random>\<random>*.exe
"%temp%\*.exe"
"%userprofile%\Start Menu\Programs\Startup\*.exe"
"%userprofile%\*.exe"
"%username%\Appdata\*.exe"
"%username%\Appdata\Local\*.exe"
"%username%\Application Data\*.exe"
"%username%\Application Data\Microsoft\*.exe"
"%username%\Local Settings\Application Data\*.exe"
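The path rules listed on this page can also be used to triage process-creation records for executables that were started from the same locations. The Python code below is an added example, not Bitdefender's or this page's own code. The user "alice", the environment values, the sample image paths and the wildcard semantics (one path component per "*", rules without a drive letter matching at any depth) are assumptions, and the C:\<random>\... placeholder rule is left out.

```python
import re

# Path rules from this page's list; the C:\<random>\... placeholder rule is
# omitted because it has no literal form to match against.
RULES = [
    r"%username%\Appdata\Roaming\*.exe",
    r"%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe",
    r"%temp%\*.exe",
    r"%userprofile%\Start Menu\Programs\Startup\*.exe",
    r"%userprofile%\*.exe",
    r"%username%\Appdata\*.exe",
    r"%username%\Appdata\Local\*.exe",
    r"%username%\Application Data\*.exe",
    r"%username%\Application Data\Microsoft\*.exe",
    r"%username%\Local Settings\Application Data\*.exe",
]
# Constructed environment for a hypothetical user "alice".
ENV = {"username": "alice", "userprofile": r"C:\Users\alice",
       "appdata": r"C:\Users\alice\AppData\Roaming",
       "temp": r"C:\Users\alice\AppData\Local\Temp"}

def compile_rule(rule, env=ENV):
    """Turn one path rule into a case-insensitive regex (assumed semantics)."""
    expanded = re.sub(r"%(\w+)%", lambda m: env[m.group(1).lower()], rule)
    # Assumption: "*" stays inside one path component, so it never crosses "\".
    body = r"[^\\]*".join(re.escape(p) for p in expanded.split("*"))
    # Assumption: a rule without a drive letter may match at any depth.
    prefix = "" if re.match(r"[A-Za-z]:\\", expanded) else r"(?:.*\\)?"
    return re.compile(prefix + body + r"\Z", re.IGNORECASE)

def flag_images(images, rules=RULES, env=ENV):
    """Return (image_path, first_matching_rule) for each flagged process image."""
    compiled = [(r, compile_rule(r, env)) for r in rules]
    hits = ((img, next((r for r, rx in compiled if rx.match(img)), None)) for img in images)
    return [(img, r) for img, r in hits if r]

# Constructed process image paths, as they might appear in process-creation logs.
SAMPLE_IMAGES = [
    r"C:\Windows\System32\notepad.exe",
    r"C:\Users\alice\AppData\Roaming\updater.exe",
    r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
    r"C:\Users\alice\AppData\Local\Temp\7z\setup.exe",  # one folder deeper than the rule
    r"C:\USERS\ALICE\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\run.EXE",
]

if __name__ == "__main__":
    for image, rule in flag_images(SAMPLE_IMAGES):
        print(f"{image}  <-  {rule}")
```

Under these assumptions the executable in Temp\7z is not flagged, which shows that a rule such as "%temp%\*.exe" covers only files placed directly in that folder.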

Using these mechanisms should limit or block Cryptowall, but for more protection Bitdefender offers Cryptowall Immunizer. Acting as an additional protective mechanism that works in parallel with a permanently active antivirus, the tool allows users to immunize computers and block any file encryption attempt before it takes place.
