Ransomware Infection? This could help!!

Ransomware infections are a very real and very serious problem that general computer users, and businesses alike, should be prepared for!

• First off, the best prevention to start with is to have good security software installed that can protect you from Ransomware infections (such as Malwarebytes Anti-malware, Kaspersky Antivirus, etc).
• Secondly, have a good data backup system in place that follows the 3-2-1 backup rule to keep your data safe! 
• The 3-2-1 backup rule simply states that you should have:
• 3 copies of your data (your main data and 2 backup copies)
• On two different media types (NAS drive and a thumb drive)
• With one copy off-site for disaster recovery (cloud backup, etc).

If you do get hit with a ransomware infection, the website below can help you identify which ransomware you were infected with and if there is a de-encryption tool available to help get your data/files back: https://id-ransomware.malwarehunterteam.com/

Pacific NW Computers

www.pnwcomputers.com

360.624.7379

Ransomware; What You Need To Know

With the popularity of the "WannaCry" ransomware bug that went around in early 2017, most folks are pretty familiar with the term Ransomware (aka an extortion virus). If you are not familiar with term, essentially a Ransomware virus is bug that usually gets into a system through an infected attachment via a fake Email. Once the email is opened, the virus activates and immediately starts to seek out and encrypt Word Documents, Excel Spreadsheets, Pictures, Music; anything it can get it's hands on. It is a VERY destructive type of attack and if not prepared, you could loose all of the precious data that is stored on your computer and connected to your computer!

So what is Data Encryption?

Data encryption is a way to lock a file, or any type of data on a hard drive, very securely. Encryption essentially locks a file with a nearly unbreakable secret password, key, etc. Once a file has been "locked" or encrypted, you need have to have the secret key or password to be able unlock and access file(s) again. The key or password is what enables you to decrypt, or "unlock" the file, and have access to all your stuff again; pictures, documents, music, etc. So what the scammers are trying to achieve with deploying Ransomware is to lock your data up and then extort money from you to get your data back. Essentially make you pay a ransom to get your data unlocked and accessible again.

What can you do to protect yourself from Ransomware attacks?

1. BACKUP YOUR DATA: Back up your files remotely every day, but only on a hard drive that is not connected to the internet. So long as you back up files on an external hard drive, you won’t lose any information if hit by a ransomware attack.
2. NEVER OPEN A SUSPICIOUS EMAIL ATTACHMENT: And never download an app that you haven’t verified with an actual store. Read reviews before installing programs.
3. SCAN ALL DOWNLOADS: Some antivirus programs have the ability to scan files to see if they might contain ransomware. Make use of them before downloading any questionable attachments from email or software from the internet.
4. EXTRA PROTECTION: If you want take things a step even further, BitDefender does have an Anti-Ransomware security tool you can install and run on your computer to supplement (and work in conjunction with) your existing security software:
   www.bitdefender.com/solutions/anti-ransomware-tool.html

What do you do if you have already gotten infected with Ransomware?

If your computer has been attacked by ransomware, you can explore the free ransomware response kit (from ZDNet) for a suite of tools that can help with a ransomware attack.
Pacific Northwest Computers also recommends the following to moderate an attack as well:

1. Remove the infected machines from the network, so the ransomware does not use the machine to spread throughout your network!! VERY IMPORTANT!!
2. Decide whether or not to restore from available backups, try to decrypt the encrypted data, or pay the ransom and take it as a lesson learned.
3. Research if similar malware has been investigated by other IT teams, and if it is possible to decrypt it on your own. About 30 percent of encrypted data can be decrypted without paying a ransom. Some of those tools are listed below:

• esupport.trendmicro.com/en-us/home/pages/technical-support/1114221
• www.avast.com/ransomware-decryption-tools
• www.avg.com/en-us/ransomware-decryption-tools
• noransom.kaspersky.com
• decrypter.emsisoft.com
• More Tools: www.thewindowsclub.com/list-ransomware-decryptor-tools

If the none of the available decryption tools work (or a decryption tool is not available for your specific type or Ransomware) data recovery could be a last resort option. There have been cases where when the Ransomware virus attacks and the data encryption first occurs, the original file is actually copied and then deleted, and the copied file is what gets's encrypted! So we can try to recover those original files!

If you have been hit by a Ransomware virus, you need Ransomware Data Recovery, or you are interested in getting some systems in place to be prepared and protected in the case of a Ransomware attack, feel free to reach out to us!
Pacific Northwest Computers

Jon Pienkowski ~ Owner/Operator

www.pnwcomputers.com

360.624.7379

WannaCry Ransomware Virus

The now infamous "WannaCry" ransom-ware virus has been making headlines and scaring a lot of computer users around the world. It is one of the quickest spreading Ransom-ware bugs that has been released to date, but Ransom-ware viruses are not anything new.

Ransom-ware viruses are a type of virus that infect computers, and then prevent the user from accessing the operating system, or encrypting all the data stored on the computer. Then the user is asked to pay a fixed amount of money as ransom to unlock their files, allowing them to regain access to the operating system and their data again. What sets this virus apart is how quickly and widely it has spread.

As of yesterday a Security Professional, Marcus Hutchins, has been credited with stopping the WannaCry ransomware attack from spreading across the globe, by accidentally triggering a "kill switch" found in reverse engineering the virus. So for now, further infection has been stopped. But to prevent any infections from previous distributions of the bug you can do the following:

"WannaCry" Ransomware Guidelines to Stay Safe:

• Be careful to NOT click on harmful links in your emails! 
• Even with security software installed, if you open/download an attachment from a malicious email it can and will infect a computer and network! 
• If you get an email from someone, look at the email address/email header and make sure it's from who it says it is. 
• Be aware of fraudulent e-mail messages that use names similar to popular services such as PayPal instead of PayPal or use popular service names without commas or excessive characters. 
• Be wary of visiting unsafe or unreliable sites 
• Never click on a link that you do not trust on a web page or access to Facebook or messaging applications such as WatSab and other applications. 
• If you receive a message from your friend with a link, ask him before opening the link to confirm, (infected machines send random messages with links). 
• Always make have the latest update for your Antivirus; Let me know if there are any update issues! 
• Make sure your windows have the latest updates to close the gap! 
• If windows has reported that updates are pending/available; download and install immediately!! 

Further Steps to take in-case you WERE to get infected by the "WannaCry":

• Make a recovery disk! The WannaCry ransomware asks for $300 or more if you a modified version if you do not pay the creators (in Bitcoin to its untraceable and not refundable) encrypt all of your files on the computer. 
• If your computer gets infected take it off of your network immediately! The ransomware will spread to other computers on the network! You can restore from a backup. 
• If you would like our assistance with ANY of the procedures above or would like us to secure your computer and/or network to the best of it's ability, let us know and we can schedule an onsite or remote session for you!! 

More from Microsoft on the bug and associated patches to help prevent infections from WannaCry:
https://technet.microsoft.com/…/libr…/security/ms17-010.aspx

Jon-Eric Pienkowski

_________________________

Pacific NorthWest Computers

www.pnwcomputers.com

(360) 624-7379

www.facebook.com/PacificNWComputers

www.twitter.com/PacificNWComput

plus.google.com/+Pnwcomputers

www.linkedin.com/company/pacific-northwest-computers

www.pnwcomputers.blogspot.com

New Virus Alert: CryptoLocker!

A New Virus Has Surfaced ~ CryptoLocker

CryptoLocker is a new, nasty piece of malicious software that is infecting computers around the world; encrypting important files and demanding a ransom to unlock them. If you get hit with this virus you risk having your personal data encrypted and lost for good!

This sophisticated malware is delivered the old-fashioned way – an executable file hidden inside an attachment that looks like an ordinary ZIP file or PDF. One small business reports being compromised after clicking on an email attachment that was designed to look like a shipping invoice from the U.S. Postal Service.

The CryptoLocker virus can be removed from an infected system, but unfortunately at this time there is no way to retrieve the private key that can be used to decrypt your files without paying the ransom. Brute forcing the decryption key is not realistic due to the length of time required to break the key. Also any decryption tools that have been released by various companies will not work with this infection. The only method you have of restoring your files is from a backup or Shadow Volume Copies if you have System Restore enabled. Newer variants of CryptoLocker attempt to delete the Shadow Copies, but it is not always successful.

Preventive Measures:

1. BACKUP ALL OF YOUR DATA ASAP! That’s the only way to reduce the risk of losing your files forever. Also, to avoid getting your backup's encrypted your backup device should be disconnected from your computer until the next time you need to access it or run a backup. 
2. Download and install a free utility called 'Crypto Prevent'. Crypto Prevent is a small utility that changes a few settings in your computer to help prevent the CryptoLocker infection from happening in the first place! Its not a golden bullet however, so having current data backups is your ulitimate defense. You can downloading the Crypto Prevent utility directly from the link below!

http://www.foolishit.com/vb6-projects/cryptoprevent/

If you need any assistance we can setup a visit to help secure and backup your computer for you!

Let us know if you have any questions or issues!

Jon Pienkowski
Pacific NorthWest Computers
www.pnwcomputers.com
360-624-7379