What to do after a Ransomware attack on your Windows computer?
What is a Ransomware virus attack? How do you get Ransomware and how does it work? What should you do after a ransomware attack? This post will try to discuss all these questions and suggest ways to deal with and recover from Ransomware attacks on Windows computers. This post also gives links where you can report Ransomware to the FBI, Police, or appropriate authorities.
Ransomware is on the rise, and as a computer user, you have surely heard of this term by now. It is now a very popular form of malware that is used by malicious code writers to infect a user's computer and then make money by demanding a ransom amount from the user. Whether it is Petya or Locky ransomware, every other day we get to read about the latest emerging malware of this kind. This class of malware seems to be the favorite now as it is very profitable – the amount earned through this malicious activity runs into millions of dollars. Lock down users' files and data, and then demand money to unlock them – that is the modus operandi in a line!
If your computer has been infected by the ‘usual Virus’, then this Malware Removal Guide will help you. But if you need to recover from a Ransomware attack, then read on.
What is Ransomware
Ransomware is a type of malware that is delivered through your computer system through infected email attachments, drive-by-downloads, socially engineered malware, malvertising, or unknowingly via hacked websites. Once on your system, ransomware gets to work and starts encrypting and locking down your files.
It then makes a demand of you, usually via a pop-up on your computer screen asking you to deliver a ransom in currency or in Bitcoin, in exchange for a key that will unlock your inaccessible files, folders, and data.
If you do not pay the Ransomware cyber-criminals within the stipulated time, they will threaten to post your data publicly or increase the ransom payment amount. They may even threaten to erase all data and render your business computers inoperable or render the machine unbootable by overwriting the Master Boot Record.
How do you get Ransomware and how does it work
Signature-based anti-malware software may or may not be of much help. You need to fortify your defenses using one of these anti-ransomware software products and/or Intrusion Detection & Prevention software, which are behavior-based. Again, there are some basic steps one can take to prevent ransomware or recover faster from it, like updating your operating system, using good security software, and regularly backing up your data offline. But in spite of all this, it can still happen that you end up being a victim of some ransomware.
How does this happen?
Well, you receive an email attachment from an unknown source and you click on it to open it. It is not as innocent as you may have thought. It could be a malicious file that is triggered by your click and goes on to lock down your files, or it could go on to download more malicious code, which in turn could encrypt your files and make them inaccessible or unusable.
Or you could visit a hacked website, which even its owner may not be aware of. You may or may not click on anything – simply visiting it may trigger a malicious Trojan download, which could download and deliver a payload that goes on to infect your system.
Then again, online advertising networks can get compromised without the network owner even knowing about it. You visit a clean, legitimate website that serves this seemingly innocent ad and you click on it – and BAM – an action could be initiated which downloads malicious code to your Windows PC.
Using cracked software, software key generators, P2P networks, can potentially infect your computer. Even using a ransomware-infected USB could infect your computer.
How do I know if I am infected with Ransomware?
You know that you are a victim of ransomware when you find that your files, images & data have been encrypted and you are unable to open the files. In addition to this, you could frequently get to see a popup screen asking you to pay a ransom, or face deletion of your files.
This is where having backups can help! If you have backed up your files, you could simply ignore the warnings, format and clean install your Windows OS and restore your backed-up files.
Other tell-tale signs you can see are that your security software has been disabled or rendered ineffective, that your System Restore or Startup Repair has been disabled, or that some critical Windows Services like Windows Update, Background Intelligent Transfer Service, WinDefend, or Windows Shadow Copies have been disabled.
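The following script, added here as an example and not part of the original post, checks a Windows host for the tell-tale signs just listed: the named services set to Disabled or missing, Defender real-time protection turned off, System Restore disabled by policy, and an empty Volume Shadow Copy history. It assumes an elevated PowerShell session on a host where Microsoft Defender is installed.

```powershell
# Added example (not from the original article): check a Windows host for the
# tell-tale signs listed above. Run from an elevated PowerShell session.
# Keys are the real service names behind the components named in the text.
$services = @{
    'wuauserv'  = 'Windows Update'
    'BITS'      = 'Background Intelligent Transfer Service'
    'WinDefend' = 'Microsoft Defender Antivirus'
    'VSS'       = 'Volume Shadow Copy'
}
$findings = @()

foreach ($name in $services.Keys) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $findings += "[!] Service $name ($($services[$name])) is missing"
    } elseif ($svc.StartType -eq 'Disabled') {
        # Manual start is normal for most of these; Disabled is the red flag.
        $findings += "[!] Service $name ($($services[$name])) is set to Disabled"
    }
}

# "Security software disabled": real-time protection switched off in Defender.
if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    $mp = Get-MpPreference
    if ($mp.DisableRealtimeMonitoring) {
        $findings += '[!] Defender real-time monitoring is turned off'
    }
}

# "System Restore disabled": the policy value that turns it off.
$srKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
$sr = Get-ItemProperty -Path $srKey -ErrorAction SilentlyContinue
if ($sr -and $sr.DisableSR -eq 1) {
    $findings += '[!] System Restore is disabled by policy (DisableSR = 1)'
}

# Shadow copies wiped: step 5 of the recovery list depends on these existing.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
if ($shadows.Count -eq 0) {
    $findings += '[!] No Volume Shadow Copies exist on this host'
}

if ($findings.Count -eq 0) { 'No tell-tale signs found.' } else { $findings }
```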
What to do after a Ransomware attack
In case you find that your computer has been locked by ransomware, you should take the following steps:
1] If your computer is part of a network, remove the infected system from the network
2] If you wish, create a copy of your disk or of the impacted files for later analysis; these copies may be needed for the decryption of the files.
3] If you have a healthy system restore point, see if you can go back and see if that works for you.
4] If you have recent backups of your data, even better. Format and clean reinstall Windows and restore your backed-up data to make a fresh start.
5] See if you can use the Volume Shadow Copy Service feature to recover older versions of the files. The freeware ShadowExplorer may make things easier.
6] Boot into Safe Mode and run your antivirus software deep-scan and hope that it is able to disinfect your computer. Chances are it won’t, but no harm in trying.
7] Next, identify the Ransomware which has infected your computer. For this, you may use a free online service called ID Ransomware.
8] If you are able to identify the ransomware, check if a ransomware decrypt tool is available for your type of ransomware. Then take the help of one of these ransomware decryptor tools which are presently available.
9] If the Ransomware has totally blocked access to your computer or restricted access to select important functions, use Kaspersky WindowsUnlocker, as it can clean up a ransomware-infected Registry and give you access back.
10] Maybe you want to take the help of CryptoSearch, a free tool that identifies Ransomware-encrypted files & then transfers them to a new location for safekeeping.
11] While it is easy to recommend not paying the cyber-criminals, if your data is critical and you have no choice but to get access to it back, paying the ransom may be the only option you have. Many have done this, unfortunately – although they do not like to acknowledge it publicly. But this is the hard fact of life, so you or your organization will have to take a call on this. In any case, you may also want to alert the cyber law enforcement authorities in your country.
12] Finally, remember to report your ransomware case to your local cybercrime cell, police authorities, or the FBI. This link will tell you where you can report ransomware.
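The script below is an added example, not part of the original post, showing step 5 of the list above carried out with built-in tools instead of ShadowExplorer: it walks the shadow copies of the file's volume from newest to oldest and copies out the first version whose bytes differ from the encrypted file now on disk, so a snapshot taken after the encryption is skipped. It assumes an elevated session, and the paths in `$Original` and `$RecoverTo` are sample values to change for your case.

```powershell
# Added example (not from the original article): step 5 with built-in tools
# instead of ShadowExplorer. Walks the shadow copies of the file's volume,
# newest first, and copies out the first version that differs from the
# (encrypted) file on disk. Run elevated. Paths below are assumed samples.
param(
    [string]$Original  = 'C:\Users\Alice\Documents\report.docx',
    [string]$RecoverTo = 'D:\recovered'
)

$drive    = Split-Path -Qualifier $Original              # e.g. 'C:'
$relative = $Original.Substring($drive.Length + 1)        # path below the root
$volume   = Get-CimInstance -ClassName Win32_Volume |
            Where-Object { $_.DriveLetter -eq $drive }

# Hash of the file as it is now; a snapshot holding the same bytes was taken
# after encryption and is useless. Null if the malware renamed the file.
$currentHash = if (Test-Path -LiteralPath $Original) {
    (Get-FileHash -LiteralPath $Original -Algorithm SHA256).Hash
}

$shadows = Get-CimInstance -ClassName Win32_ShadowCopy |
           Where-Object { $_.VolumeName -eq $volume.DeviceID } |
           Sort-Object InstallDate -Descending
if (-not $shadows) { throw "No shadow copies exist for $drive" }

New-Item -ItemType Directory -Force -Path $RecoverTo | Out-Null
$recovered = $false
foreach ($s in $shadows) {
    # Browse the snapshot through a directory symlink to its device object;
    # mklink is used because the target needs the trailing backslash.
    $link = Join-Path $env:TEMP ('shadow_' + ($s.ID -replace '[{}]', ''))
    cmd /c mklink /d "$link" "$($s.DeviceObject)\" | Out-Null
    try {
        $candidate = Join-Path $link $relative
        if (-not (Test-Path -LiteralPath $candidate)) { continue }
        $hash = (Get-FileHash -LiteralPath $candidate -Algorithm SHA256).Hash
        if ($hash -eq $currentHash) { continue }   # still the encrypted bytes
        Copy-Item -LiteralPath $candidate -Destination $RecoverTo
        "Recovered $relative from the snapshot taken $($s.InstallDate)"
        $recovered = $true
        break
    } finally {
        cmd /c rmdir "$link" | Out-Null            # removes the link, not the snapshot
    }
}
if (-not $recovered) { "No pre-encryption version of $relative found" }
```

If the script stops at the `throw`, the shadow copies are already gone, which is itself one of the tell-tale signs described earlier; in that case move on to steps 7 and 8.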
Once you have decrypted the files and removed the ransomware, you may use RansomNoteCleaner to remove the Ransomware Notes & other residual junk left behind.
All the best.