Ransomware – what is it and how to deal with it


Viruses that infect software and hardware systems appeared almost as soon as programming itself did. Some quietly infiltrate a system and leak private information, others damage hardware and/or important system files, and others merely entertain the user and (seemingly) pose no particular danger; the varieties and types are seemingly endless. One of the most unpleasant groups of malicious programs is ransomware, which encrypts files of certain formats, deprives the user of access to them, and then displays a message demanding a ransom: a certain sum to be transferred to a certain account. Once the money is credited to that account, the infected files will allegedly be decrypted. The bitter truth, however, is that ransomware usually has no mechanism for tracking which computer a payment came from, so the victims of an attack are left both without their money and without the files that matter to them.

Most recent examples:

  • Since May 12, 2017, the WannaCry encryption virus (WCry, WannaCrypt, WanaCrypt0r 2.0 and Wanna Decryptor) had been attacking, for several weeks, computers running all versions of Windows, from XP to Windows 10 (as well as Windows Server from 2003 to 2016), on which the MS17-010 vulnerability had not been closed;
  • On June 27, 2017, another ransomware, Petya.A, spread widely and likewise caused considerable damage to corporate networks, banks, government agencies and many other resources;
  • On October 24-25, a massive attack hit the computer systems and resources of a number of public and private organizations in Russia and Ukraine. Among those affected were Russian media outlets (Fontanka and the Interfax news agency), the Ukrainian Ministry of Infrastructure, the Kyiv metro and the Odessa airport, where the encryption virus blocked the passenger check-in service.

Unfortunately, there are far too many different modifications of encryption viruses to cover individually, so we will only give general recommendations for preventing infection and minimizing losses if such a nuisance does occur.

How does a virus get into a computer?

The virus enters the computer from removable media, or when an infected file that arrived by e-mail is launched. Some modifications of WannaCry can also get in through the RDP remote access service (if that service is enabled), especially if simple passwords are used to log into Windows.
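The e-mail route described above (and the "sample document" disguise discussed under prevention below) relies on an executable passing for a document. The following script is an added example, not code from the original article or from SIM-Network: it scans a folder for files whose extension, double extension or first bytes reveal a Windows executable, and reports whether Explorer is hiding extensions. The folder path and the two extension lists are assumptions of this example, not an exhaustive rule set.

```powershell
# Added example (not from the original article): look for downloads or saved
# attachments that are executables dressed up as documents.
# Assumptions: Windows PowerShell 5.1 or later; $Path is a folder of your choice;
# the extension lists below are illustrative, not exhaustive.
param(
    [string] $Path = (Join-Path $env:USERPROFILE 'Downloads')
)

# Extensions a user expects to be harmless documents/images, and extensions
# Windows will execute when double-clicked.
$docExts  = @('.pdf', '.doc', '.docx', '.xls', '.xlsx', '.rtf', '.txt', '.jpg', '.png')
$execExts = @('.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.jse', '.vbs', '.vbe', '.wsf', '.hta', '.lnk')

# Explorer hides known extensions by default, which is what makes a name such as
# "invoice.pdf.exe" appear as "invoice.pdf" in a folder listing.
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = (Get-ItemProperty -Path $explorer -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
if ($hide -eq 1) {
    Write-Host 'NOTE: Explorer hides file extensions (HideFileExt=1); set it to 0 so double extensions are visible.'
}

function Test-PeHeader {
    # Returns $true when the file starts with the 'MZ' signature of a Windows executable.
    param([string] $FullName)
    $buf = New-Object byte[] 2
    $fs = [System.IO.File]::OpenRead($FullName)
    try { $n = $fs.Read($buf, 0, 2) } finally { $fs.Dispose() }
    return ($n -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
}

Get-ChildItem -Path $Path -File -Recurse | ForEach-Object {
    $file = $_
    $ext = $file.Extension.ToLowerInvariant()
    $reasons = @()

    # Executable type, however the name is dressed up.
    if ($execExts -contains $ext) {
        $reasons += "executable extension $ext"
        # Double extension such as "resume.pdf.exe": Windows runs the last one.
        $inner = [System.IO.Path]::GetExtension($file.BaseName).ToLowerInvariant()
        if ($docExts -contains $inner) {
            $reasons += "document extension $inner placed in front of $ext"
        }
    }

    # A "document" whose bytes say it is a PE executable.
    if ($docExts -contains $ext -and (Test-PeHeader $file.FullName)) {
        $reasons += 'content starts with the MZ executable signature'
    }

    if ($reasons.Count -gt 0) {
        [PSCustomObject]@{
            File    = $file.FullName
            Reasons = ($reasons -join '; ')
        }
    }
} | Format-Table -AutoSize
```

The MZ check catches the case the extension lists miss: a file renamed to look like a document still carries the executable header. A clean listing from this script is not proof of safety (macro-bearing Office documents and scripts inside archives are not covered), which is why it complements, rather than replaces, the "be vigilant" advice below.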

What happens next?

The virus encrypts the files and then shows the user a ransom message.

How to prevent infection?

1. Be vigilant. Those who send out viruses use all sorts of tricks to "get through" to their "target audience". For example, an employee of the HR department may receive a resume from an applicant containing a link supposedly to a portfolio posted on the Internet; the accounting department may receive a fairly well-written letter "from the tax office" with a "sample document" attached, which is actually an executable file carrying a virus. There are many similar disguises, including ones that look as plausible as possible. Be vigilant. Please.

2. Make sure to install Windows security updates, especially those that close the MS17-010 vulnerability. Microsoft acknowledged the danger posed by this vulnerability and released a patch even for Windows XP, whose support ended in April 2014.

3. Use a trustworthy anti-virus system with up-to-date versions of anti-virus databases.

4. If you really need remote access to your computer, use complex passwords and, better still, additional security tools such as a VPN.
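Points 2 to 4 of the list above can be checked on a single host. The script below is an added example, not code from the original article or from SIM-Network; it reports whether an MS17-010 update is installed, whether SMBv1 (the protocol WannaCry spread over) is still enabled, whether an anti-virus product is registered, and whether Remote Desktop is enabled without Network Level Authentication. It assumes an elevated Windows PowerShell session on Windows 8 / Server 2012 or later; the two KB numbers are the MS17-010 updates for Windows 7 / Server 2008 R2 and are an assumption to be replaced with the identifiers the bulletin lists for your OS.

```powershell
# Added example (not from the original article): audit a Windows host against
# the prevention list (MS17-010 patch, anti-virus, RDP exposure, password policy).
# Assumptions: elevated Windows PowerShell on Windows 8 / Server 2012 or later
# (Get-SmbServerConfiguration does not exist on earlier versions); the KB numbers
# below are the MS17-010 updates for Windows 7 / Server 2008 R2 and must be
# replaced with the ones the bulletin lists for your OS.
param(
    [string[]] $Ms17010Kbs = @('KB4012212', 'KB4012215')
)

$findings = New-Object System.Collections.Generic.List[string]

# 1. MS17-010: is one of the bulletin's updates present? Is SMBv1 still on?
#    Disabling SMBv1 is a second line of defence independent of the patch.
$patched = Get-HotFix | Where-Object { $Ms17010Kbs -contains $_.HotFixID }
if (-not $patched) {
    $findings.Add("MS17-010: none of $($Ms17010Kbs -join ', ') is installed")
}
if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
    $findings.Add('SMBv1 server is enabled (fix: Set-SmbServerConfiguration -EnableSMB1Protocol $false)')
}

# 2. Anti-virus: client editions of Windows list registered products in the
#    root/SecurityCenter2 WMI namespace. Server editions lack that namespace,
#    so an empty result is reported as "unknown" rather than as "no AV".
$av = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
if ($null -eq $av) {
    $findings.Add('No anti-virus product registered with Security Center (or namespace unavailable on this edition)')
} else {
    $av | ForEach-Object { Write-Host "AV product registered: $($_.displayName)" }
}

# 3. RDP: fDenyTSConnections = 0 means Remote Desktop accepts connections.
#    If it is on, Network Level Authentication (UserAuthentication = 1) should
#    be required so that credentials are checked before a session is created.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = Get-ItemProperty -Path $ts -Name fDenyTSConnections
if ($rdp.fDenyTSConnections -eq 0) {
    $findings.Add('Remote Desktop is enabled; confirm it is reachable only through a VPN and that accounts use strong passwords')
    $nla = Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication
    if ($nla.UserAuthentication -ne 1) {
        $findings.Add('RDP Network Level Authentication is off')
    }
}

# 4. Password policy: a short minimum length undermines point 4 of the list.
#    (Parses English 'net accounts' output; other locales need a different label.)
$line = net accounts | Select-String 'Minimum password length'
if ($line) {
    $minLen = [int]($line.ToString() -replace '\D', '')
    if ($minLen -lt 12) {
        $findings.Add("Local minimum password length is $minLen; 12 or more is advisable")
    }
}

if ($findings.Count -eq 0) {
    Write-Host 'No findings.'
} else {
    $findings | ForEach-Object { Write-Host "FINDING: $_" }
}
```

One caveat on the first check: Windows cumulative updates supersede earlier patches, so a fully patched machine may not list the original MS17-010 KB at all. Treat a missing KB as a prompt to check Windows Update history, and treat the SMBv1 result as the more robust indicator.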

How to protect yourself in case of issues?

A truly reliable way to keep your important data safe is to have an up-to-date backup on a medium disconnected from the computer (for example, an external hard drive). This allows you to restore information corrupted by a virus without pain for your business processes. Companies for which data safety is critical store backup media in a geographically remote location. Better still, keep your backups on the servers of a reliable hosting company or even in a secure, fault-tolerant cloud. This is a good option both from the point of view of budget savings and from the point of view of technical security: it makes sense to trust professionals who will analyze how your data is generated and develop an optimal backup scheme for you.
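A backup on a disconnected medium is only useful if the copy is complete and intact before the medium is unplugged. The script below is an added example, not code from the original article or from SIM-Network: it copies a folder into a dated subfolder on the backup drive with robocopy and then verifies every file by SHA-256 before declaring the medium ready to disconnect. The source and destination paths are assumptions of this example.

```powershell
# Added example (not from the original article): copy a folder to a backup
# medium and verify the copy by hash before the medium is disconnected.
# Assumptions: $Source and $Destination are paths of your choosing; the
# destination is a drive that will be unplugged after the script finishes.
param(
    [string] $Source      = 'C:\Data',
    [string] $Destination = 'E:\Backup\Data'
)

# Each run goes into its own dated folder. A mirror copy (/MIR) would also
# mirror an already-encrypted tree over the previous good copy, so keep
# dated copies instead and prune old ones deliberately.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmm'
$target = Join-Path $Destination $stamp

# /E copies subfolders (including empty ones); /R:1 /W:1 limit retries;
# /NFL /NDL suppress per-file and per-directory listings.
robocopy $Source $target /E /R:1 /W:1 /NFL /NDL | Out-Null
# robocopy exit codes 0-7 are success variants; 8 and above signal failures.
if ($LASTEXITCODE -ge 8) {
    throw "robocopy failed with exit code $LASTEXITCODE"
}

# Verify: every source file must exist in the copy with the same SHA-256.
$problems = 0
foreach ($file in Get-ChildItem -Path $Source -File -Recurse) {
    $rel  = $file.FullName.Substring($Source.Length).TrimStart('\')
    $copy = Join-Path $target $rel
    if (-not (Test-Path -Path $copy)) {
        Write-Host "MISSING: $rel"
        $problems++
        continue
    }
    $srcHash  = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    $copyHash = (Get-FileHash -Path $copy -Algorithm SHA256).Hash
    if ($srcHash -ne $copyHash) {
        Write-Host "HASH MISMATCH: $rel"
        $problems++
    }
}

if ($problems -eq 0) {
    Write-Host "Backup verified in $target; the medium can now be disconnected."
} else {
    Write-Host "$problems problem(s) found; do not rely on this backup."
}
```

The verification step matters more than it looks: a backup that was never restored or checked is an assumption, not a safeguard. Running the copy while the source is already encrypted would faithfully back up the encrypted files, which is another reason to keep several dated generations rather than a single mirror.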

What do I do if there is no backup?

This is a difficult question. We do not recommend paying money to ransomware producers, thereby encouraging their dubious activities and funding the further development of new ransomware modifications.

If data recovery is not too urgent, you can wait until an anti-virus laboratory finds a weak link in the virus's algorithm and releases an alternative decryptor, after which you can recover the data for free. Such work is carried out in many eminent anti-virus laboratories (ESET, Kaspersky Lab, etc.). Keep in mind that you will usually need the same file in both encrypted and decrypted form in order to recover the decryption key.
