
Ransomware is currently affecting thousands of users on a global scale. Victims are typically asked to pay a certain amount of money in order to have their files restored via a unique decryption key. Ransomware scenarios may vary from case to case but the bottom line is always the same – ransom money (usually in bitcoin) transferred to the cyber crooks’ accounts. On top of that extortion, victims often stumble upon other forms of cyber fraud while searching online for ways to decrypt their data.

Don’t trust untrustworthy and untested methods

We are currently seeing questionable solutions for ransomware such as TeslaCrypt promoted on security forums and pages (our own included). Even though we haven’t had the chance to test all of the promoted methods, we believe it is dishonest to demand even more money than the ransomware authors do. Logically, newly created decryption tools or decryption methods of any kind shouldn’t be advertised via forum or page comments. Such schemes may just be another deceptive way to make money (a.k.a. yet another online scam) by taking advantage of gullible or frustrated users.

If you believe you will receive adequate service, ask for proof first

It is only natural for a ransomware victim to go online and seek assistance in restoring their data. However, if you come across individuals who claim that they can restore your files if you pay them, don’t trust them right away. First, ask for some kind of confirmation, a demonstration that the particular solution truly works. Also, don’t forget that recent ransomware pieces are quite sophisticated and employ military-grade encryption. Decryption would take a lot of resources and skill, and should be confirmed by well-known security engineers.

In addition, every ransomware infection is unique. If someone has succeeded in restoring all or some of their files, it doesn’t necessarily mean that all victims will have the same result. Decryption may take several attempts to succeed.

One tool that has been reported on security forums to decrypt files successfully is TeslaCrack. There are still users, however, who couldn’t restore their encrypted data with it. We are currently testing TeslaCrack and will keep you posted once we have a result.

Finally, here is a list of currently active ransomware pieces:

Ransomware Protection, Prevention Tips

In most cases, ransomware is spread in spam email campaigns. Remember that ransomware authors often pose as legitimate companies or governmental entities in their attempts to look authentic. Even experienced and well-informed users have fallen victim to cyber crooks that employ efficient social engineering techniques.

There are several steps that can improve your security against spam and, by extension, ransomware and other forms of malicious software:

Anti-Spam, Anti-Ransomware Tips

Employ anti-spam software and spam filters that examine incoming email. Such software serves to isolate spam from regular emails. Spam filters are designed to identify and detect spam, and prevent it from ever reaching your inbox. Make sure to add a spam filter to your email. Gmail users can refer to Google’s support page.

Don’t reply to dubious email messages and never interact with their content. Even an ‘unsubscribe’ link within the message body can turn out to be suspicious. If you respond to such a message, you will just send a confirmation of your own email address to cyber crooks.

Create a secondary email address to use whenever you need to register for a web service or sign up for something. Giving away your true email address on random websites is never a good idea.

Your email name should be tough to crack. Research indicates that email addresses with numbers, letters and underscores are tougher to crack and generally get fewer spam emails.

View your emails in plain text, and there’s a good reason why. Spam that is written in HTML may have code designed to redirect you to unwanted pages (e.g. advertising). Also, images within the email body can be used to ‘phone home’ to spammers, who can use them to locate active email addresses for future spam campaigns. Thus, viewing emails in plain text appears to be the better option. To do so, navigate to your email’s main menu, go to Preferences and select the option to read emails in plain text.

Avoid posting your email address or a link to it on web pages. Spam bots and web spiders can locate email addresses. Thus, if you need to leave your email address, do it as follows: NAME [at] MAIL [dot] com or something similar. You can also look for a contact form on the website – filling out that form shouldn’t reveal your email address or your identity.
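To illustrate the plain-text tip above, here is an added example (not part of the original article) that inspects a message without rendering it and lists what its HTML part would fetch or link to. The sample message, its hosts and the names `RemoteRefs` and `audit` are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message, not real mail; hosts use the reserved .example TLD.
SAMPLE = """\
From: billing@shop.example
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your invoice is ready.
--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Your invoice is ready.</p>
<img src="http://track.example/open.gif?id=user%40mail.example" width="1" height="1">
<a href="http://login.other.example/reset">https://shop.example/account</a></body></html>
--b1--
"""

class RemoteRefs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.images, self.mismatched, self._href, self._text = [], [], None, ""
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and urlparse(a.get("src") or "").scheme in ("http", "https"):
            self.images.append(a["src"])  # fetched on open: tells the sender the address is live
        elif tag == "a":
            self._href, self._text = a.get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown = urlparse(self._text.strip()).hostname
            if shown and shown != urlparse(self._href).hostname:
                self.mismatched.append((self._text.strip(), self._href))
            self._href = None

def audit(raw):
    """Return what the HTML part would load or link to, plus the plain-text alternative."""
    msg = message_from_string(raw, policy=policy.default)
    html, plain = (msg.get_body(preferencelist=(k,)) for k in ("html", "plain"))
    refs = RemoteRefs()
    refs.feed(html.get_content() if html is not None else "")
    return {"plain_text": plain.get_content().strip() if plain is not None else None,
            "remote_images": refs.images, "mismatched_links": refs.mismatched}
```

Calling `audit(SAMPLE)` shows that the plain-text alternative carries the same message with neither the 1x1 remote image nor the link whose visible address differs from its real target.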

To receive the latest unbiased information on ransomware decryption, join our forums. Feel free to start your own topic to receive malware removal assistance or advice.