There are so many stories published in the media, and so many personal experiences I’ve encountered, that I can’t help but feel obligated to write about ransomware virus support. Ransomware typically arrives as a fake email posing as a courier service such as UPS, or as an important letter, with a zip attachment it encourages you to open. The email suggests you have a bad debt that must be settled, or something similar with negative consequences if you don’t act. It is all downhill from there once you open the file attachment or link.
Let’s digress into preventative steps before I go into how to possibly salvage your data.
- Backup – it’s surprising just how many businesses still don’t apply some sort of disaster recovery process. Look into getting a Synology for keeping large volumes of data backed up locally.
- Protection – Norton, McAfee, and Microsoft Security Essentials all miss signs of potential threats. Google Apps for Work has built-in protection that is pretty good at blocking Trojan horse viruses from entering. Installing HitmanPro.Alert adds another layer of protection. Avast and ESET are virus protection programs to look at. ESET support is great once you purchase their software; they have free chat support for their free online scanner too.
- Reactive Utilities – Malwarebytes, JRT.exe, ESET Online Scanner, Sysinternals TCPView, Microsoft System Restore, Veeam Endpoint Backup, Hiren’s BootCD, ESET SysRescue, Paragon Rescue Kit, Paragon Backup and Recovery, CCleaner, and UBCD.
- Running Utilities at Boot – Safe Mode gives you a better chance of removing issues from the system, and running off a USB stick increases your chances further. However, a lot of work is done remotely with tools like www.logmein.com, and remote sessions limit your ability to fix problems. Try loading all your utilities onto one multiboot USB stick using WinSetupFromUSB.
- MSConfig and registry edits optimization – under an administrator login, look for startup items to delete in the following keys:
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
  - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run (if added by Group Policy)
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run (if added by Group Policy)
  In addition, for 64-bit Windows 10 only:
  - HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
  - HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
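Checking those keys by hand is tedious, so here is an added PowerShell example (my own, not part of the original post) that lists every value under the startup keys above, flags entries launched from user-writable folders or via script hosts for a closer look, and shows how to remove one with -WhatIf first. It also includes the per-user HKEY_CURRENT_USER\...\Run key, which the list above does not mention; the `<entry name>` placeholder and the heuristic patterns are assumptions, not anything from the page.

```powershell
# Added example (not from the original post): enumerate the startup registry keys
# listed above so suspicious entries can be reviewed before anything is deleted.
$StartupKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'   # per-user key, added here (not on the page)
)

function Get-StartupEntry {
    # Returns one object per value in each existing key: key path, value name, command line.
    foreach ($key in $StartupKeys) {
        if (-not (Test-Path -Path $key)) { continue }   # Policies\Explorer\Run often does not exist
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            if ($name -eq '') { continue }             # skip the (Default) value
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = [string]$item.GetValue($name)
            }
        }
    }
}

function Test-SuspiciousStartupEntry {
    param([Parameter(Mandatory)][string]$Command)
    # Heuristics only (assumed patterns): commands run from user-writable locations or
    # through script hosts deserve a closer look; a match is a prompt to investigate,
    # not proof of infection. Legitimate updaters also live under AppData.
    $patterns = @('\\AppData\\', '\\Temp\\', '\\Users\\Public\\', '%TEMP%',
                  'wscript', 'cscript', 'powershell', 'mshta', 'rundll32')
    foreach ($p in $patterns) { if ($Command -match $p) { return $true } }
    return $false
}

# Review first; remove only after confirming the entry is malicious.
Get-StartupEntry |
    Select-Object Key, Name, Command,
        @{ n = 'Suspicious'; e = { Test-SuspiciousStartupEntry -Command $_.Command } } |
    Format-Table -AutoSize -Wrap

# Example removal (replace the placeholder). -WhatIf reports the action without performing it;
# drop it once you are sure. Back up the key first: reg export "HKLM\...\Run" run-backup.reg
# Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name '<entry name>' -WhatIf
```

Run it from an elevated PowerShell session; HKLM keys need administrator rights to modify, and Wow6432Node only exists on 64-bit installs.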
CryptoWall encrypted my files… Now what?
You can try to recover through a couple of built-in features of the Microsoft Windows operating system. Whatever you do, don’t wait, and don’t reboot. Your window to fix this situation is very limited.
- Previous Versions – right-click the file or folder, select Properties, and check the Previous Versions tab for any copies of the files from before the attack occurred.
- File recovery – using the program R-Studio to recover your deleted data before it is overwritten by the encrypted copies is probably your last solid bet. The demo version of the software can at least test a file or two, such as a JPEG, to see whether the recovery worked before you purchase the complete software.
Ransomware Virus Support – The nitty gritty
No backups, no recovery… Are you doomed?
I’m completely against paying the ransomware virus support peeps because it will encourage billions more dollars to flow into those shady hands. However, some small businesses have no choice and their livelihoods are at stake. They need to keep the lights on and their employees employed. Plus, I’m evangelizing the proactive steps needed to prevent ransomware viruses in the future. The ransomware yahoos have made the procedures for recovering your data particularly easy to comprehend because they want you to pay the money. They even give you a taste of what you could have back if you follow through with the Bitcoin payment by letting you select a personal file from your computer and then recovering it.
There is no guarantee, once your data is recovered, that the computer is free of the ransomware until you wipe the computer and place a fresh copy of the OS on it. Back up the data and software license keys on the computer and proceed with the wipe. We can’t emphasize enough calling a local IT support team to prevent any further loss of data. NetworkAntics is here to help.