Bucaro TecHelp

Ransomware and How To Protect Yourself

I am sure you have all seen the recent global WannaCry ransomware outbreak on the news, and that it has left you with questions about how this happened and concerns about your own computer's security.

The good news is that so far this attack has only affected medium-large organisations, due to the method the attackers have used to load the virus onto computers. However, the Windows systems the ransomware has been affecting are identical to the Windows systems people run at home, and as such your computer may be open to the same exploitation as those in this attack.

So what is ransomware? Let's start with the basics. Ransomware is just a label for a group of malicious software (or malware) programs that lock your computer in some way and demand a ransom to unlock it. These packages are often delivered by malicious emails, either as infected file attachments or by way of an internet link that downloads the file to your computer.

Ransomware typically operates in one of three ways:

1. Rogue Anti-Virus Software - The most basic level often presents as a form of anti-virus software informing you that you have a number of viruses on your system and inviting you to buy the software to remove them. Despite the look, these are usually simple infections and a regular scan of your system with an anti-malware package such as Malwarebytes or similar should rid you of the pest.

2. Locky type - This form of malware often displays a full-screen window shortly after booting up that informs you your computer has been locked and demands a ransom to unlock it. The software also hides icons and files in your Desktop and Documents folders to give the impression that your files have been deleted.

It can be difficult to know whether this software has encrypted your files, but a fairly easy way to tell is to boot your computer in safe mode without networking, log in as the default administrator account and see if your files are still there and accessible.

If they are, good news: your files have not been deleted or encrypted, and the virus can usually be easily deleted by remaining in safe mode and completing a virus scan using a dedicated anti-malware package such as Malwarebytes.

3. CryptoWare - By far the worst of all types of ransomware, this evil software will infect your computer entirely, encrypt all files, and display a full-screen warning informing you that your files have been locked and demanding a ransom by a specific date before the cost either increases or your files are deleted.

The software also often has the ability to replicate itself and infect other computers on the same network. If you have been infected by CryptoWare, then your only hope is that you have a backup of all your important data, as the only way to ensure a completely clean system is to wipe the computer and re-install Windows.

As you can imagine, seeing any of these on your computer can create a great deal of alarm and distress, and you may be tempted in a blind panic to just pay the ransom and get your files back. Our advice would be to avoid payment at all costs, as there is no guarantee the attackers will return your data and you could just be wasting money and fuelling the fire.

If you have been infected with any of the above, the first thing you need to do is stop and physically disconnect the device from your network, either by unplugging the network cable or by disabling your WiFi. Next you need to establish what level of infection you have. If it looks like anti-virus software that you don't recognise and it is saying you have a virus infection, the simple thing to do is complete a scan with Malwarebytes or similar and then reboot your computer. This should fix your problem and all your files should be safe.

If you have a full-screen warning informing you your files have been locked, then the solution is a little more complex. First you need to boot the computer in safe mode without networking and, as said above, establish by logging into the administrator account whether you can access any of your files. If you can, the solution is to perform a scan with Malwarebytes or an equivalent package to remove the infection and then reboot your computer. If you cannot access your files because they have either been deleted or encrypted, then your only option to ensure a completely clean system is to wipe your device completely and reinstall your system, either from a backup or from scratch.
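
One way to script the "are my files still there and accessible" check from the administrator account, as an added example that is not part of the original article. It goes a step further than looking in the folders: it lists files that have merely been hidden and checks whether common file types still begin with the bytes their extension implies. It assumes PowerShell 3.0 or later; the profile path is a placeholder, and the helper name `Test-FileHeader` and the signature list are this example's own.

```powershell
# Added example: read-only triage; it changes nothing on disk.
# Placeholder: set this to the affected user's profile folder.
$userProfile = 'C:\Users\YourUserName'
$folders = (Join-Path $userProfile 'Desktop'), (Join-Path $userProfile 'Documents')

# Leading bytes expected for common file types (illustrative, not exhaustive).
$zip = [byte[]](0x50, 0x4B, 0x03, 0x04)
$jpg = [byte[]](0xFF, 0xD8, 0xFF)
$signatures = @{
    '.pdf'  = [byte[]](0x25, 0x50, 0x44, 0x46)   # %PDF
    '.png'  = [byte[]](0x89, 0x50, 0x4E, 0x47)
    '.jpg'  = $jpg;  '.jpeg' = $jpg
    '.zip'  = $zip;  '.docx' = $zip;  '.xlsx' = $zip   # Office files are ZIP containers
}

# Hypothetical helper: compares a file's first bytes with the expected signature.
function Test-FileHeader {
    param([System.IO.FileInfo]$File, [byte[]]$Expected)
    try {
        $stream = [System.IO.File]::OpenRead($File.FullName)
        try {
            $buffer = New-Object byte[] $Expected.Length
            $read = $stream.Read($buffer, 0, $buffer.Length)
        } finally { $stream.Dispose() }
    } catch { return 'Unreadable' }
    if ($read -lt $Expected.Length) { return 'Mismatch' }
    for ($i = 0; $i -lt $Expected.Length; $i++) {
        if ($buffer[$i] -ne $Expected[$i]) { return 'Mismatch' }
    }
    return 'OK'
}

# -Force includes hidden files; desktop.ini is hidden on a healthy system too.
$results = Get-ChildItem -Path $folders -File -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ne 'desktop.ini' } |
    ForEach-Object {
        $ext = $_.Extension.ToLowerInvariant()
        [pscustomobject]@{
            Path      = $_.FullName
            Extension = $ext
            Hidden    = [bool]($_.Attributes -band [System.IO.FileAttributes]::Hidden)
            Header    = if ($signatures.ContainsKey($ext)) { Test-FileHeader $_ $signatures[$ext] } else { 'NotChecked' }
        }
    }

# Summary: hidden-but-intact files versus files whose content no longer matches their type.
$results | Group-Object Hidden, Header | Select-Object Count, Name | Format-Table -AutoSize
# Many files sharing one unfamiliar extension suggests they were renamed after encryption.
$results | Group-Object Extension | Sort-Object Count -Descending | Select-Object -First 10 Count, Name | Format-Table -AutoSize
```

Rows reading `True, OK` are files that were hidden but still look intact; a large number of `Mismatch` rows points to encryption. A single mismatch is only a hint, since a file can carry the wrong extension for innocent reasons.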

Often this can be a very daunting and confusing process to carry out if you are not familiar with it, and I would recommend that if you get stuck or become unsure at any point you consult an IT professional for advice.

Copyright©2001-2017 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268