Get help when your device is CryptoLocked

Law enforcement and IT Security companies have joined forces to disrupt cybercriminal businesses with ransomware connections.

The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies – Kaspersky Lab and Intel Security – with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.

Since it is much easier to avoid the threat than to fight against it once the system is affected, the project also aims to educate users about how ransomware works and what countermeasures can be taken to effectively prevent infection. The more parties supporting this project the better the results can be. This initiative is open to other public and private parties.

No More Ransom is an international initiative that shows the value of public-private cooperation when taking serious action cybercrime. This collaboration goes beyond geographical borders. The main aim of the project is to share knowledge and educate users across the world on how to prevent ransomware attacks. We believe that it will eventually lead to support for repairing the damage caused to victims all around the globe. By restoring access to their systems, we empower users by showing them they can take action and avoid rewarding criminals with a ransom payment.

How does a ransomware attack work?

A ransomware attack is typically delivered via an e-mail attachment which could be an executable file, an archive or an image. Once the attachment is opened, the malware is released into the user’s system. Cybercriminals can also plant the malware on websites. When a user visits the site unknowingly, the malware is released into the system.

The infection is not immediately apparent to the user. The malware operates silently in the background until the system or data-locking mechanism is deployed. Then a dialogue box appears that tells the user the data has been locked and demands a ransom to unlock it again. By then it is too late to save the data through any security measures.

For more information please see the video below:

Types of ransomware

Encryption Ransomware

It encrypts personal files and folders (documents, spread sheets, pictures, and videos).

The affected files are deleted once they have been encrypted, and users generally encounter a text file with instructions for payment in the same folder as the now-inaccessible files.

You may discover the problem only when you attempt to open one of these files. Some, but not all types of encryption software show a ‘lock screen’.

Lock Screen Ransomware — WinLocker

It locks the computer’s screen and demands payment. It presents a full screen image that blocks all other windows.

No personal files are encrypted.

Master Boot Record (MBR) Ransomware

The Master Boot Record (MBR) is the part of the computer’s hard drive that allows the operating system to boot up. MBR ransomware changes the computer’s MBR so that the normal boot process is interrupted.

Instead, a ransom demand is displayed on the screen.

Ransomware encrypting web servers

It targets webservers and encrypts a number of the files on it. Known vulnerabilities in the Content Management Systems are often used to deploy ransomware on web services.

Mobile device ransomware (Android)

Mobile devices (mostly Android) can be infected via “drive-by downloads”. They can also get infected through fake apps that masquerade as popular services such as Adobe Flash or an anti-virus product.

If attacked, should I pay the ransom?

Paying the ransom is never recommended, mainly because it does not guarantee a solution to the problem. There are also a number of issues that can go wrong accidentally. For example, there could be bugs in the malware that makes the encrypted data unrecoverable even with the right key.

In addition, if the ransom is paid, it proves to the cybercriminals that ransomware is effective. As a result, cybercriminals will continue their activity and look for new ways to exploit systems that result in more infections and more money on their accounts.

To identify the type of ransomware affecting your device, you can  fill in the form here. This will enable us to check whether there is a solution available. If there is, we will provide you with the link to download the decryption solution.

Identify Ransomware

Decryption Tools

IMPORTANT! Before downloading and starting the solution, read the how-to guide. Make sure you remove the malware from your system first, otherwise it will repeatedly lock your system or encrypt files. Any reliable antivirus solution can do this for you. Following decrypters are available currently:

Decryption Tools

1. WildFire Decryptor
2. Chimera Decryptor
3. Teslacrypt Decryptor
4. Shade Decryptor
5. CoinVault Decryptor
6. Rannoh Decryptor (updated 03-10-2016)
7. Rakhni Decryptor (updated 14-11-2016)
8. Jigsaw Decryptor
9. Trend Micro Ransomware File Decryptor
10. Emsisoft NMoreira Decryptor
11. Emsisoft Ozozalocker Decryptor
12. Emsisoft Globe Decryptor
13. Emsisoft Globe2 Decryptor
14. Emsisoft FenixLocker Decryptor
15. Emsisoft Philadelphia Decryptor
16. Emsisoft Stampado Decryptor
17. Emsisoft Xorist Decryptor
18. Emsisoft Nemucod Decryptor
19. Emsisoft Gomasom Decryptor
20. Linux.Encoder Decryptor

How to prevent a ransomware attack?

1. Back-up! Back-up! Back-up! Have a recovery system in place so a ransomware infection can’t destroy your personal data forever. It’s best to create two back-up copies: one to be stored in the cloud (remember to use a service that makes an automatic backup of your files) and one to store physically (portable hard drive, thumb drive, extra laptop, etc.). Disconnect these from your computer when you are done. Your back up copies will also come in handy should you accidentally delete a critical file or experience a hard drive failure.
2. Use robust antivirus software to protect your system from ransomware. Do not switch off the ‘heuristic functions’ as these help the solution to catch samples of ransomware that have not yet been formally detected.
3. Keep all the software on your computer up to date. When your operating system (OS) or applications release a new version, install it. And if the software offers the option of automatic updating, take it.
4. Trust no one. Literally. Any account can be compromised and malicious links can be sent from the accounts of friends on social media, colleagues or an online gaming partner. Never open attachments in emails from someone you don’t know. Cybercriminals often distribute fake email messages that look very much like email notifications from an online store, a bank, the police, a court or a tax collection agency, luring recipients into clicking on a malicious link and releasing the malware into their system.
5. Enable the ‘Show file extensions’ option in the Windows settings on your computer. This will make it much easier to spot potentially malicious files. Stay away from file extensions like ‘.exe’, ‘.vbs’ and ‘.scr’. Scammers can use several extensions to disguise a malicious file as a video, photo, or document (like hot-chics.avi.exe or doc.scr).
6. If you discover a rogue or unknown process on your machine, disconnect it immediately from the internet or other network connections (such as home Wi-Fi) — this will prevent the infection from spreading.

Report a Crime

If you become a victim of ransomware, remember that it’s a crime and you need to report it to your local law enforcement agency. Your report will help to catch cybercriminals and prevent other users from being infected.

Europe

Follow the link to find out about reporting mechanism in European countries.

Netherlands’ police

To file a report for the Netherlands’ Police please follow the link. If you consider reporting a crime, please read the following document carefully, fill it in as much as possible and take it to the nearest police station to finish the procedure.

USA

Follow the link to see the procedure on how to report a crime in the USA.

Source:

The contents of this post is completely collected from the following source. It is important for everyone to know where to get help when something goes wrong. No credits taken.

• https://www.nomoreransom.org/