What is ransomware?
What Ransomware Viruses Do
Some of the most well-known are shown below:
Dharma Ransomware | Decrypt Ransomware | Malware Data Recovery | Virus Encryption |
---|---|---|---|
ADOBE (.adobe), ARENA (.arena), ARROW (.arrow), BETTA (.betta), BIP (.bip), BKP (.bkp), BRRR (.Brrr), CESAR (.cesar), COMBO (.combo), CrySiS, GAMMA (.gamma), JAVA (.java), MONRO (.monro) | Locky (.locky), Zepto (.zepto), ZZZZZ (.zzzzz), Thor (.thor), Odin (.odin), Osiris (.osiris), Aesir (.aesir), JAFF (.jaff) | CryptoLocker, Crypt0L0cker, CryptoWall 3, CryptoWall 4, CryptXXX, Krab (GandCrab), Crypto Malware, Encryption Malware, Bitpaymer Ransomware | Crypto Virus (encryption virus), DMA Locker, Tesla Crypt, Globe, GlobeImposter, Troldesh, XTBL, Spora, Cry36 |
What is Ransomware?
- It is perhaps the biggest threat to your data, with numerous cases worldwide.
- It is a type of computer virus.
- Instead of deleting or destroying files, it locks the files (encrypts them) in a way that only the virus creator can provide a solution (usually) with an additional program (decryptor) that they “sell” to us.
- It demands a ransom (usually $1,000 – $10,000) in Bitcoin to retrieve your files.
- It is not typically detected by antivirus software.
- It also locks Backups!
How do I get infected with Ransomware?
- Opening files from unknown email addresses
- Clicking on an unknown link from untrustworthy websites
- Downloading illegal software (Warez, Cracks)
- Through Windows Remote Desktop Connection
- Using outdated software
- Having shared folders open
In Greece, we have many Ransomware incidents.
Doesn’t my computer engineer or technician know about Ransomware?
- They can’t possibly know every potential threat to your files, nor can they constantly monitor your backup system.
- They won’t be able to help if a hard drive or RAID system fails and you don’t have a proper backup.
- They can’t decrypt your files after a ransomware attack once everything gets locked.
- They’re not equipped to protect you from external cyberattacks, detect security vulnerabilities, or advise you on cyber insurance coverage.
These are tasks handled by specialized Data Recovery and Cybersecurity companies.
Ransomware Protection Principles
1. We keep backups locally and in the Cloud for the best protection against Ransomware
Because the future is in Cloud Backup.
- You can stop it whenever you want.
- No need for a significant investment.
- The business owner can have daily updates if something goes wrong and is responsible for their own files.
- It protects us from any threat that has appeared to date.
- You can test it at any time to see if it works.
- You are charged according to the volume you use, on a monthly basis.
- Protects against natural disasters or accidental deletion.
- You can restore previous versions of files you changed (Versioning).
- You can use it on Windows machines or mobile devices.
- Protects your critical databases.
Read the detailed, free guide to proper Backup today to understand the mistakes you may already be making.
Advantages of Cloud Backup
- Automation: Everything is done automatically, and you can have a daily report.
- Artificial Intelligence: Search for documents or photos easily!
- Ransomware Protection: The original version of the synced file is kept forever, and you can request it.
- Easy Version Rollback: Request a version of the file as it was in an earlier version. So if a file is accidentally modified or deleted, you can find it.
- Hybrid Backup: You can synchronize your files to an external drive or another computer on your premises, along with the Cloud.
- Access your data from anywhere!
Request a free Demo of TicTac DRaaS Cloud Backup today and be worry-free about any data loss.

2. Be careful of unknown emails
We always pay attention to the following information in our incoming emails:
- Who is the sender?
- Is the sender’s Domain Name correct?
- We do not click on unknown links.
- We do not open attached files.
- We hover the mouse over the link without clicking on it to see if it leads to a known domain name!
We never open unknown attachments
- A large percentage of Ransomware infections are delivered via email attachments that appear to be Word (doc or docx), Excel (xls or xlsx), and PDF but have a hidden second extension.
- Enable the mandatory display of suffixes in your operating system to see multiple suffixes.
- If you don’t know, ask your technician how to do it.
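One way to apply the two points above on Windows, as an added example that is not part of the original page: it turns on the display of file extensions for the current user and lists files whose name ends in a document extension followed by an executable one. The extension lists, the function name `Find-DoubleExtension`, the sample file names and the Downloads path are assumptions chosen for illustration.

```powershell
# Added example, not from the original page. Run in the user's own session.

# 1) Show file extensions in Explorer for the current user
#    (takes effect after Explorer is refreshed or restarted).
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $adv -Name HideFileExt -Value 0 -Type DWord

# 2) A "document" extension followed by an executable/script extension.
#    Both lists are illustrative assumptions; extend them for your environment.
$docExt  = 'doc','docx','xls','xlsx','pdf'
$execExt = 'exe','scr','com','bat','cmd','js','jse','vbs','vbe','wsf','wsh','hta','lnk','ps1'
# \s* also catches names padded with spaces before the real extension.
$pattern = '\.({0})\s*\.({1})$' -f ($docExt -join '|'), ($execExt -join '|')

function Find-DoubleExtension {
    # Hypothetical helper: lists matching files under $Path, including hidden ones.
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } |
        Select-Object FullName, Length, LastWriteTime
}

# Constructed sample names showing what the pattern flags and what it ignores.
$samples = 'invoice.pdf.exe', 'report.docx', 'scan.xlsx   .js', 'notes.v2.pdf'
foreach ($name in $samples) {
    '{0,-20} suspicious={1}' -f $name, ($name -match $pattern)
}

# Check the folder where mail attachments usually land.
Find-DoubleExtension -Path (Join-Path $env:USERPROFILE 'Downloads')
```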
We activate SPAM filters
- All online email providers (such as Gmail or Hotmail) have spam filters enabled and can detect most malicious emails.
- If you do not have an online email, then we recommend the following service: mailcleaner.org
3. Use Antivirus & Web Filtering
Antivirus is now mandatory, and free antivirus software can no longer be a solution for either individuals or small businesses.
We recommend that you check out Webroot’s solution, which, after our tests, is the best Antivirus.
But why aren’t Antiviruses enough on their own?
- Antiviruses detect known viruses from the headers of their executable files. Webroot, as well as some other modern antiviruses, also performs behavioral analysis, which is particularly important.
- Every day, Ransomware modifies its code to avoid detection by well-known Antiviruses.
- So Antivirus protects against the most well-known Ransomware, but not all of them.
We always pay attention to the following information about Antivirus
- Antiviruses do not detect all Ransomware threats, but they block infections from many of them.
- At TicTac, we use Webroot Antivirus, which is a very lightweight and reliable Antivirus.
- Always use the paid versions of Antivirus.
You can use Web Filtering
- There are online platforms that can filter your network content for malware and dangerous pages.
- One of them is TicTac Content Filtering, which you can try at a minimal cost.
- Web Content Filtering is now an essential service and works almost like a Firewall, but is updated frequently.
4. Operating System & Application Updates
We always do all the Updates
- Whether you use Windows, Linux, macOS, or another operating system, you should always install the recommended updates.
- We make updates on the day they are published.
- We do not use illegal software that receives no updates, as it is now a significant risk.
- If you can’t afford Windows, consider installing a friendly Linux distribution, such as Linux Mint.
We keep our applications updated
- We keep all our applications up to date
- You can use a free app to find what needs updating on your computer. Recommended: Patch My PC Updater
Preferably install Linux
- Linux is more difficult to use at first
- It is safer.
- It has less chance of getting infected as it is built with security in mind
- It’s constantly getting easier to use
Try:
- Zorin OS
- Linux Mint
5. Avoid Illegal Software Sites
Many Ransomware lurk on Warez Sites
- We do not download cracked programs from unauthorized or illegal websites. There is a significant risk with Ransomware.
- It’s not worth the risk of illegally downloading music and movies from sites that contain lots of malicious ads.
- There is now a risk that our IP address will be tracked if we don’t use a VPN, and we will be vulnerable to Ransomware.
6. Always use secure passwords
How do I create secure passwords? You need to devise a unique password creation algorithm for each different site.
For example, the first 2 letters of the site along with half of your name, two exclamation points, and a random number, and we start with a capital letter: Timicha32!!
- At least 8 characters
- Includes a number
- Includes at least 1 uppercase and 1 lowercase letter
- Includes symbols
- Does not include whole words
- Does not include personal information (e.g., full name)
- It is not easy for someone to guess.
7. Open Services and Ports (for technicians)
Disable or Change Port in RDP (if you want protection from Ransomware)
Remote Desktop Connection (RDP) is one of the primary causes of ransomware infections, by far.
You should always keep Windows updated with the latest Patches.
We recommend disabling RDP. If you need remote access and cannot do your work with TeamViewer or something similar, change the default port.
You can find instructions on how to do this on Microsoft's website.
Disable Powershell
Windows PowerShell is a feature you won’t use often.
However, it is an access path into your system that Ransomware exploits. Here’s how you can deactivate it.
Disable Windows Scripting Host
Several Ransomware attacks have been carried out using WSF files, which use the Microsoft Windows Scripting Host to execute.
If you are not using the service, it is a good idea to turn it off to prevent the execution of any file you run with the Windows Scripting Host.
Here’s how to turn it off.
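The RDP and Windows Scripting Host settings described in this section, as an added example that is not part of the original page (it does not cover the PowerShell item). The function names are hypothetical, the registry values are the standard Windows ones, and the firewall display group name assumes an English-language Windows installation.

```powershell
# Added example, not from the original page. Run from an elevated PowerShell prompt.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = Join-Path $ts 'WinStations\RDP-Tcp'
$wsh = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'

function Get-ExposureReport {
    # Read-only: shows the current state before anything is changed.
    $wshValue = (Get-ItemProperty -Path $wsh -Name Enabled -ErrorAction SilentlyContinue).Enabled
    [pscustomobject]@{
        RdpEnabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0
        RdpPort    = (Get-ItemProperty -Path $rdp -Name PortNumber).PortNumber
        # WSH counts as enabled when the value is absent or anything other than 0.
        WshEnabled = ($null -eq $wshValue) -or ("$wshValue" -ne '0')
    }
}

function Disable-Rdp {
    # Refuse new Remote Desktop connections and close the built-in firewall rules.
    Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 1 -Type DWord
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'   # English display name (assumption)
}

function Set-RdpPort {
    # Only if RDP must stay on: move the listener off the default port.
    param([Parameter(Mandatory)][ValidateRange(1025, 65535)][int]$Port)
    Set-ItemProperty -Path $rdp -Name PortNumber -Value $Port -Type DWord
    New-NetFirewallRule -DisplayName "RDP custom port $Port" -Direction Inbound `
        -Protocol TCP -LocalPort $Port -Action Allow -Profile Domain, Private | Out-Null
    Restart-Service -Name TermService -Force   # drops any active RDP sessions
}

function Disable-Wsh {
    # Blocks wscript.exe and cscript.exe from running .wsf, .vbs and .js files.
    if (-not (Test-Path $wsh)) { New-Item -Path $wsh -Force | Out-Null }
    Set-ItemProperty -Path $wsh -Name Enabled -Value 0 -Type DWord
}

# Review first; then call Disable-Rdp (or Set-RdpPort -Port <number>) and Disable-Wsh.
Get-ExposureReport
```

Moving the port only avoids scans aimed at the default port 3389; the service remains reachable on the new port, so `Disable-Rdp` is the stronger of the two settings.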
8. Penetration Testing (for companies) for protection against corporate Ransomware
Know your weaknesses before attackers do with Penetration Testing!
Once you identify your security gaps, you work with your computer scientist to determine which ones you want to address and which ones you don’t.
Web Penetration Testing is a process that concerns all companies, regardless of their level of internet connectivity.
In essence, it enables you to identify security gaps in your information systems before malicious visitors can find and exploit them.
A detailed report is provided to both the business manager in simple terms and the technical department with technical details.
What is Penetration Testing?
- Required by ISO27001
- It is usually done on an annual basis.
- The owner knows how much risk he is in
- The engineer knows what to do.
BlackBox Penetration Testing:
You give us your IP or your Website’s IP, and TicTac’s team of Cyber Security experts tries to gain access to your systems (as a hacker would, working blind).
Whitebox Penetration Testing:
Our team, familiar with your infrastructure, seeks to identify security gaps that a hacker might exploit to compromise your systems.
9. Cyber Insurance for protection against Ransomware
Cybersecurity Insurance Benefits
- Coverage of business interruption costs
- Coverage of the team of specialist consultants who will undertake the management of the company’s breach incident
- Coverage of all legal advice and public relations expenses to address defamation of the company
- Coverage of financial sanctions (administrative fine) by the Data Protection Authority
- Coverage of all costs of restoring the company’s electronic infrastructure (IT Infrastructure)
- Civil Liability Coverage (Defense costs for any breach of personal or corporate data for contamination of third-party partner company data, theft of system access password, theft of equipment containing personal data, employee negligence or error)
- Coverage of the cost of notifying the company’s customers that their data has been breached.
10. I have been infected with Ransomware. What should I do?
Find free information at Nomoreransom.org
The good news is that there may be a free solution available for the virus that has encrypted your files, and a solution may already exist.
So you won’t have to pay the ransom. The bad news is that decryption keys have been found for very few types of Ransomware.
Start from the website http://www.nomoreransom.org
If you need help or there is no solution, our team is available to explore every possible way of finding a solution to recover your files.
Sometimes, however, there is no solution for Ransomware, so you have to consider alternatives.
Free file decoding
You can check for yourself on this website if there is a solution for the virus that has affected you.
Keep this presentation and website, as sooner or later, one of your acquaintances or customers will be hit with Ransomware, so you know what to do.
Our team is always available for consultation and technical services related to data recovery from Ransomware.
What else does TicTac do?
When, for any reason, you don’t have access to your files, our work begins!
File Recovery from:
- Data recovery from a USB stick
- Broken Raid Systems
- Data recovery from Android mobile phones
- Data recovery from iPhone mobile phones
- Camera Recorders
- Deleted files
- File destruction
- Photo recovery
- Restoring Files from Databases
- Restore phone contacts
- Locked Excel, Access files, Other Services
- Secure Data Destruction
- Electronic Investigation & Forensic Expertise in Cybercrime Cases