Please read in light of the most recent ransomware attack!
Ransomware is a type of computer virus that affects a system by making local or network files unusable via a proprietary encryption method only removable by the infector. The prefix of “ransom-” is used as most attackers will disseminate files on the infected machines or network locations that include information about decrypting the now-unusable files at a cost. Ransomware commonly affects high-use documents such as .docx, .xlsx, .pptx, .exe, et cetera, but can also affect any other file type.
Ransomware can go by many names, including CryptoLocker, Phantom, Crysis, Cerber, and more. Many of these infections files come from insecure links that request user action such as downloading a file, or they can be introduced if a network is open to remote connection or has a poor password policy in place.
The everyday user is perhaps the best method of identifying a ransomware attack.
How to recognize a Ransomware infection
Some ransomware will lie dormant after an infectious file has been introduced to the network, and there will likely be no way to detect if there is an infection until file encryption begins. When this happens, there are some tell-tale signs that an infection might be propagating. Symptoms include:
- You cannot open files that you typically have no issue with. You might see an error that the file is unreadable or un-openable, or that the file cannot be located.
- There are multiple files that you have trouble accessing that may be in the same or different locations.
- New files have been created with unusual names that include letter and number strings or unfamiliar file extensions, e.g. “a23gh1lkbux30.crypto”
- Files with familiar names that have had their extensions changed to something unfamiliar, e.g. “Annual Report.crypto” instead of “Annual Report.docx”
- New .txt files created in multiple folders. Upon opening these files, you may see instructions to connect to a webpage or send an email to a specified address. Do not follow any additional links or attempt to contact anyone listed in that document.
What to do if you suspect an infection
Your immediate action can help prevent further ransomware infection.
If you experience any of the above symptoms to any degree, even if you are unsure if the issue you are experiencing is indeed a ransomware attack, please to not hesitate to immediately shut down your computer. Power off your machine as soon as you can. By shutting down, you may prevent the encryption from spreading past your device and onto the network. Next, make sure to contact your IT provider as soon as possible to avoid further damage.
*** Your vigilance is the best defense to a ransomware attack. Please do not hesitate to contact TechWise Group if you would like to learn more about how you can protect yourself. Thank you. ***