Other issues in this category (23)
Encryption ransomware lessons. Pull the right plug
Monday, July 3, 2017
Many people keep right on working even after they notice their computers are infected or behaving strangely. We are republishing two quotes from our issue devoted to typical user errors:
Hello; I opened an email, and my system began to freeze so I waited a bit and then restarted it. It booted up really slowly. And when the boot process completed, everything was encrypted.
I was watching news on a social networking site; I didn't download anything or open any links. My system really slowed down and then up popped a Wanna Decryptor banner showing a ransom demand. The banner continued popping up every five seconds.
When the WannaCry outbreak happened, users “devised” another method for disarming the encryption ransomware. As you know, most encryption ransomware strains communicate with command and control servers. Specifically, this enables them to generate encryption keys on a remote host. Therefore, if we unplug the network cable, the ransomware will lose its connection to the server and won't be able to do anything without the server’s instructions, right? And it won't be able to spread over the network. Indeed, that sounds quite logical!
However, ransomware makers aren't fools. If the connection to the server is interrupted or access to the local network is lost, the malware immediately commences with its encryption activities.#corporate_security #Trojan.Encoder #encryption_ransomware
The Anti-virus Times recommends
If you notice an infection or something suspicious, power off your computer by pulling the power cord from the outlet.