What is Ransomware and a Ransomware Attack? How to Stay Safe and Identify an Attack
What is Ransomware?
There are two types of ransomware:
A: Lockscreen Ransomware (old version)
B: Encryption Ransomware (new version)
A: Lockscreen Ransomware (old version): Lockscreen ransomware shows a full-screen message that prevents you from accessing your PC or files. It says you have to pay money (a “ransom”) to get access to your PC again.
B: Encryption Ransomware (new version): Encryption ransomware changes your files so you can’t open them. It does this by encrypting the files.
Older versions of ransomware usually claim you have done something illegal with your PC, and that you are being fined by a police force or government agency.
These claims are false. It is a scare tactic designed to make you pay the money without telling anyone who might be able to restore your PC.
Newer versions encrypt the files on your PC so you can’t access them, and then simply demand money to restore your files.
How can it get onto your PC, laptop or computer?
Ransomware can get on your PC from nearly any source that any other malware (including viruses) can come from. This includes:
- Visiting unsafe, suspicious, or fake websites.
- Opening emails and email attachments from people you don’t know, or that you weren’t expecting.
- Clicking on malicious or bad links in emails, Facebook, Twitter, and other social media posts, instant messenger chats, like Skype.
It can be very difficult to restore your PC after a ransomware attack – especially if it’s infected by encryption ransomware.
That’s why the best solution to ransomware is to be safe on the Internet and with emails and online chat:
- Don’t click on a link on a webpage, in an email, or in a chat message unless you absolutely trust the page or sender.
- If you’re ever unsure – don’t click it!
- Often fake emails and webpages have bad spelling, or just look unusual. Look out for strange spellings of company names (like “PayePal” instead of “PayPal”) or unusual spaces, symbols, or punctuation (like “iTunesCustomer Service” instead of “iTunes Customer Service”).
How to prevent and recover from Ransomware infections?
If you have been attacked by ransomware, you may see some unusual problems on your PC. Some of that unusual activity is listed here so that you can identify it. Ransomware can:
- Prevent you from accessing Windows.
- Encrypt files so you can't use them.
- Stop certain apps from running (like your web browser).
Ransomware will demand that you pay money (a “ransom”) to get access to your PC or files. We have also seen them make you complete surveys.
There is no guarantee that paying the fine or doing what the ransomware tells you will give you access to your PC or files again.
Here is a list of the top ransomware affecting computers worldwide.
- WannaCry Ransomware
- CryptoLocker Ransomware
- Locky Ransomware
- Crysis Ransomware
- zCrypt Ransomware
- PowerWare Ransomware
- Petya Ransomware
- Hydracrypt Ransomware
- RAA ransomware
- CryptoWall Ransomware
- Wanna Decryptor Ransomware
WannaCry Ransomware:
WannaCry (or WannaCrypt, WanaCrypt0r 2.0, Wanna Decryptor) is a ransomware computer worm that targets the Microsoft Windows operating system. The virus was used to launch the WannaCry ransomware attack on Friday, 12 May 2017.
CryptoLocker Ransomware :
CryptoLocker is a ransomware trojan that targets computers running Microsoft Windows, believed to have first been posted to the Internet on 5 September 2013. CryptoLocker propagated via infected email attachments, and via an existing botnet; when activated, the malware encrypts certain types of files stored on local and mounted network drives using RSA public-key cryptography.
Locky Ransomware :
Locky is ransomware malware released in 2016. It is delivered by email (that was allegedly an invoice requiring payment) with an attached Microsoft Word document that contains malicious macros. When the user opens the document, it appears to be full of garbage, and it includes the phrase "Enable macro if data encoding is incorrect," a social engineering technique. If the user does enable macros, the macros then save and run a binary file that downloads the actual encryption trojan, which will encrypt all files that match particular extensions.
Crysis Ransomware :
Crysis is ransomware-type malware mostly proliferated using deceptive e-mail messages containing infectious attachments and fake software updates (Java, Flash Player, etc.). After successful system infiltration, the virus encoder encrypts files stored on the computer, and depending on the variant.
zCrypt Ransomware :
zCrypt ransomware has recently shown an interesting method of spreading not usually used by ransomware. zCrypt has added functionality for propagating itself; after all, more victims equals more profit for cyber-criminals. Like other ransomware, zCrypt has been distributed through malspam.
PowerWare Ransomware :
PowerWare, ransomware that commandeers Microsoft's PowerShell utility to download and run malicious code, now has a variant that mirrors Locky ransomware.
Petya Ransomware :
Petya Ransomware is a type of malicious software that carries out the cryptoviral extortion attack from cryptovirology that blocks access to data until a ransom is paid and displays a message requesting payment to unlock it.
Hydracrypt Ransomware :
HYDRACRYPT Ransomware refers to a public ware (adware), designed to display advertisements within browsers it has infiltrated.
Cerber Ransomware :
Cerber is a ransomware trojan that is spread via spam emails and currently has 5 versions. The .DOCX file for Cerber arrives attached to an email message. When the user opens the .DOCX, it shows a document with bad encoding and uses social engineering to convince the user to activate macros. After he or she does, it auto-extracts the payload.
RAA Ransomware:
RAA is distributed by email, but the code that drops the malicious software is now hidden in a password-protected Zip attachment in order to make it more difficult for anti-virus software to discover: the contents of protected archives are harder for security programmes to properly examine.
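Two of the delivery tricks described above, Office documents that carry macros (Locky, Cerber) and password-protected Zip attachments (RAA), leave marks a mail filter can read without opening the file. The following is an added example, not part of the original article; the function names, finding labels and sample files are assumptions, and the samples are harmless stand-ins built in memory.

```python
import io
import zipfile

def triage_attachment(data):
    """Return a sorted list of findings for one attachment given as bytes."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []  # legacy .doc files and other non-Zip formats are not covered
    findings = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Bit 0 of the general-purpose flags marks a password-protected entry.
            if info.flag_bits & 0x1:
                findings.add("encrypted-zip-entry")
            # Modern Office files are Zip containers; VBA macros live in vbaProject.bin.
            if info.filename.lower().endswith("vbaproject.bin"):
                findings.add("office-macro-project")
    return sorted(findings)

def _zip(name, payload):
    """Build a one-entry Zip archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

def constructed_samples():
    """Constructed, harmless samples; none of them contains real malware."""
    locked = bytearray(_zip("invoice.txt", b"placeholder"))
    locked[6] |= 0x01                                # flag in the local file header
    locked[locked.find(b"PK\x01\x02") + 8] |= 0x01   # flag in the central directory
    return {
        "macro_doc": _zip("word/vbaProject.bin", b"placeholder"),
        "plain_doc": _zip("word/document.xml", b"<w:document/>"),
        "locked_zip": bytes(locked),
        "not_a_zip": b"hello",
    }

if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, triage_attachment(blob))
```

The check reads the file's contents rather than its extension, so a macro project is reported whatever the attachment is named. An encrypted entry cannot be scanned, so a common policy is to quarantine such attachments for manual review.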
CryptoWall Ransomware:
Ransom.Cryptowall is a Trojan horse that encrypts files on the compromised computer. It then asks the user to pay to have the files decrypted.
The threat typically arrives on the affected computer through spam emails, exploit kits hosted through malicious ads or compromised sites, or other malware.
Wanna Decryptor Ransomware:
The malware is delivered as a Trojan through a loaded hyperlink that can be accidentally opened by a victim through an email, an advert on a webpage or a Dropbox link. Once it has been activated, the program spreads through the computer and locks all the files with the same encryption used for instant messages.
How do I remove Ransomware from my PC?
How to remove the ransomware depends on what type it is.
If your web browser is locked?
You can try to unlock your browser by using Task Manager to stop the web browser's process:
Open Task Manager. There are a number of ways you can do this:
Right-click on an empty space on the taskbar and click Task Manager or Start Task Manager.
In the list of Applications or Processes, click on the name of your web browser.
Click End task. If you are asked if you want to wait for the program to respond, click Close the program.
In some workplaces, access to Task Manager may be restricted by your network administrator. Contact your IT department for help.
When you open your web browser again, you may be asked to restore your session. Do not restore your session or you may end up loading the ransomware again.
If your PC is locked?
Method 1: Use the Microsoft Safety Scanner in safe mode
First, download a copy of the Microsoft Safety Scanner from a clean, non-infected PC. Copy the downloaded file to a blank USB drive or CD, and then insert it into the infected PC.
Try to restart your PC in safe mode:
- In Windows 10
- In Windows 8.1
- In Windows 7
- In Windows Vista
- In Windows XP
When you're in safe mode, try to run the Microsoft Safety Scanner.
Method 2: Use Windows Defender Offline
Because ransomware can lock you out of your PC, you might not be able to download or run the Microsoft Safety Scanner. If that happens, you will need to use the free tool Windows Defender Offline. You can download Windows Defender Offline from Microsoft.
Please note that Microsoft recommends that you download Windows Defender Offline and create the CD, DVD, or USB flash drive on a PC that isn't infected with malware, because the malware can interfere with the media creation.
Source: Microsoft official
(Latest) As per the Microsoft TechNet Blog: WannaCrypt ransomware worm targets out-of-date systems