Should You Pay for a Ransomware Attack?


Getting hit with a ransomware attack is never fun. Your files get encrypted by cybercriminals and you’re left having to decide: should we pay to get them back? It’s a scene that’s played out across the world, with 70% of businesses saying ‘yes’ in 2016 alone. Here’s what you should consider if you’re ever in this situation.

Do you trust them?

Besides the fact that they’re criminals holding your data hostage, how confident are you that they’ll send the decryption key? Most attackers demand you send the payment via untraceable Bitcoin, so you have no recourse if they take it and run. You’re also equally trapped if they decide they asked too little and come back with increasingly higher demands. If they do send the decryption key, be aware they still have access to your systems and can hit you again at any time until your network is disinfected by experts. Businesses don’t exactly want their breach publicized either, so many don’t admit to paying the ransom, whether it went to plan or otherwise.

Can you manage the impact?

Best case scenario, you can wipe the affected drives and restore from a clean backup without paying the ransom. You might even decide the encrypted files aren’t that important and simply let them go, or even wipe a whole laptop or workstation. On the other hand, if your data management comes under any special regulations, like health or legal, you may find the attack has a much wider, more intense impact. The attacker will usually give you a countdown to motivate a payment, with a threat of deletion when it hits zero. If the data isn’t that valuable, or you have confirmed backups, this urgency has no effect. There are also new types of ransomware like KillDisk which can permanently wipe your entire hard drive or even network.

How much do they want?

Cybercriminals rarely send out global attacks with set amounts. Instead, they prefer to customize the ransom based on how much they think you can pay. Large corporations and hospitals are hit with very high demands, while small business demands are more modest. They may be criminals, but they’re smart people who know your financial limits. They’ll also consider how much similar businesses have paid and how quickly, then expect you to follow suit.

Are your backups good?

Many businesses are discovering too late that their backup systems aren’t robust enough to withstand this type of attack. Either the backups have become infected too, they weren’t up to date, or they backed up the wrong data. It’s worth doing some quick checks on your backup processes: even if you have to take the system down for a day while you recover, you’re still light years ahead of those without backups.

What’s your policy?

More and more often, businesses are adding ransomware to their disaster recovery plans and having predefined actions mapped out. Seemingly simple inclusions like who has final say over the payment decision can stop chaos in its tracks. Employees and management alike can then approach the situation calmly, ready to make the best decisions for the business.

Stay safe in the first place

Ransomware is showing no signs of slowing down. As more businesses keep them funded, the cybercriminals are steadily launching new attacks and making it their full-time job. Most attacks come via phishing emails – those emails that trick employees into clicking a link – and they can be extremely convincing. While training helps people spot them, it’s no guarantee. We recommend using business-class spam filters to catch these types of emails before they land in your employee inboxes so that triggering a ransomware attack becomes something that happens to other businesses, not yours.

Secure your data systems now. We can help! Call us at 319-227-7000

June 5th, 2018 | Ransomware

How to Tell if Your Computer Has a Virus?


Sometimes computers do wacky things that ring alarm bells and make us dive for cover. Next thing you know, you’re running scans on repeat and demanding everyone come clean about their browsing habits. Fortunately, not all weird occurrences are caused by viruses – sometimes your computer is simply overloaded, overheating or in desperate need of a reboot. Here are the tell-tale signs of a malware attack:

Bizarre error messages

Look for messages popping up from nowhere that make no sense, are poorly worded or plain gibberish – especially if they’re about a program you don’t even have. Take note of anti-virus warnings too: check that the warning is from YOUR anti-virus software and looks like it should. If a message pops up that isn’t quite right, don’t click. Not even to clear or cancel the message. Close the browser or shut down the computer instead, then run a full scan.

Suddenly deactivated anti-virus/malware protection

You know the best way to get past the guard? Send him for a coffee break! Certain viruses are programmed to take out the security systems first, leaving you open to infection. If you reboot and your protections aren’t back on the job, you are more than likely under attack. Attempt to start the anti-virus manually and you’ll know for sure.

Social media messages you didn’t send

Are your friends replying to messages you never wrote? Your login details might have been hacked and your friends are now being tricked into giving up personal information or money. Change your password immediately, and advise your friends of the hack.

Web browser acting up

Perhaps you’ve noticed your homepage has changed, it’s using an odd search engine, or it’s opening or redirecting to unwanted sites. If your browser has gone rogue, it’s definitely a virus, usually one intended to steal your personal or financial details. Skip the online banking and email until your scans come up clear and everything is working normally again.

Sluggish performance

If your computer speed has dropped, boot up takes an eternity and even moving the mouse has become a chore, it’s a sign that something is wrong. But not necessarily a virus. Run your anti-virus scan and if that resolves it, great. If not, your computer likely needs a tune-up or quickie repair.

Constant computer activity

You’re off the computer but the hard drive is going nuts, the fans are whirring, and the network lights are flashing like a disco? It’s almost like someone IS using the computer! Viruses and malware attacks use your computer resources, sometimes even more than you do. Take note of what’s normal, and what’s not.

Got a virus? Give us a call at 319-227-7000

October 10th, 2017 | Ransomware, Security

Petya Ransomware is Spreading Across the World


There is a new strain of ransomware in the wild. It has multiple names such as Petya, Petrwrap, or NotPetya. This ransomware is being spread via an SMB vulnerability called EternalBlue. This is the same vulnerability that was used to spread WannaCry. A big difference with Petya is that it also encrypts the master boot record of the hard drive after encrypting your data, which makes accessing the drive almost impossible unless you pay the ransom. However, even if you pay the ransom, there is no guarantee that you will get your data back. Your best bet is to restore from backup. You do have a good backup in place with multiple copies of your data, right?

Our network security service stops ransomware in its tracks by providing layered security. We include a managed firewall, managed backup, managed anti-virus, and patch management.

June 27th, 2017 | Ransomware

MRCR Ransomware Decrypter


If your computer has been infected by the MRCR Ransomware, below is a decryption tool that you can use to decrypt your data. If you are unsure about how to proceed give us a call at 319-227-7000 so we can schedule a time to take care of this for you.

MRCR Decrypter (Emsisoft)
MRCR or Merry X-Mas is a ransomware family that first appeared in December last year. It is written in Delphi and uses a custom encryption algorithm. Encrypted files will have either “.PEGS1”, “.MRCR1”, “.RARE1”, “.MERRY”, or “.RMCM1” as an extension. The ransom note is named “YOUR_FILES_ARE_DEAD.HTA” and asks victims to contact either “[email protected]” or “comodosecurity” via the secure mobile messenger Telegram.

Contact us Now 319-227-7000

February 2nd, 2017 | Ransomware

Marlboro Ransomware Decrypter


If your computer has been infected by the Marlboro Ransomware, below is a decryption tool that you can use to decrypt your data. If you are unsure about how to proceed give us a call at 319-227-7000 so we can schedule a time to take care of this for you.

Marlboro Decrypter (Emsisoft)
The Marlboro ransomware was first seen on January 11th, 2017. It is written in C++ and uses a simple XOR based encryption algorithm. Encrypted files are renamed to “.oops”. The ransom note is stored inside a file named “_HELP_Recover_Files_.html” and includes no further point of contact. Due to a bug in the malware’s code, the malware will truncate up to the last 7 bytes from files it encrypts. It is, unfortunately, impossible for the decrypter to reconstruct these bytes.


February 2nd, 2017 | Ransomware

Globe3 Ransomware Decrypter


If your computer has been infected by the Globe3 Ransomware, below is a decryption tool that you can use to decrypt your data. If you are unsure about how to proceed give us a call at 319-227-7000 so we can schedule a time to take care of this for you.

Globe3 Decrypter (Emsisoft)
Globe3 is a ransomware kit that we first discovered at the beginning of 2017. Globe3 encrypts files and optionally filenames using AES-256. Since the extension of encrypted files is configurable, several different file extensions are possible. The most commonly used extensions are .decrypt2017 and .hnumkhotep. To use the decrypter, you will require a file pair containing both an encrypted file and its non-encrypted original version. Select both the encrypted and unencrypted file and drag and drop both of them onto the decrypter file in your download directory. If file names are encrypted, please use the file size to determine the correct file. The encrypted and the original file will have the same size for files greater than 64 kb.
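When file names are encrypted, the size rule above can be applied mechanically against a clean backup. The following is an added example, not part of the Emsisoft tool or the original post; it assumes "64 kb" means 64 × 1024 bytes and that a clean copy of the data exists in a separate directory, and `find_pairs` is a hypothetical helper name.

```python
import os
from collections import defaultdict

# Assumption: "64 kb" read as 64 * 1024 bytes (the stricter reading).
MIN_SIZE = 64 * 1024

def sizes_by_file(root):
    """Map file size -> list of paths under root, for files larger than MIN_SIZE."""
    index = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
            except OSError:
                continue  # unreadable or vanished file: skip it
            if size > MIN_SIZE:
                index[size].append(path)
    return index

def find_pairs(encrypted_root, backup_root):
    """Return (encrypted, original) candidate pairs matched by file size.

    A size shared by several files on either side cannot identify a pair,
    so only sizes that are unique in both trees are reported.
    """
    enc = sizes_by_file(encrypted_root)
    orig = sizes_by_file(backup_root)
    pairs = []
    for size, enc_paths in sorted(enc.items()):
        orig_paths = orig.get(size, [])
        if len(enc_paths) == 1 and len(orig_paths) == 1:
            pairs.append((enc_paths[0], orig_paths[0]))
    return pairs

if __name__ == "__main__":
    import sys
    # Usage: script.py <encrypted_dir> <clean_backup_dir>
    for enc_path, orig_path in find_pairs(sys.argv[1], sys.argv[2]):
        print(enc_path, "<->", orig_path)
```

Work on copies of the encrypted files, and treat each reported pair as a candidate to confirm before handing it to the decrypter.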


February 2nd, 2017 | Ransomware

OpenToYou Ransomware Decrypter


If your computer has been infected by the OpenToYou Ransomware, below is a decryption tool that you can use to decrypt your data. If you are unsure about how to proceed give us a call at 319-227-7000 so we can schedule a time to take care of this for you.

OpenToYou Decrypter (Emsisoft)
OpenToDecrypt is a ransomware written in the Delphi programming language that encrypts your files using the RC4 encryption algorithm. Encrypted files get renamed to *[email protected] and a ransom note named “!!!.txt” can be found on your Desktop.


February 2nd, 2017 | Ransomware

GlobeImposter Ransomware Decrypter


If your computer has been infected by the GlobeImposter Ransomware, below is a decryption tool that you can use to decrypt your data. If you are unsure about how to proceed give us a call at 319-227-7000 so we can schedule a time to take care of this for you.

GlobeImposter Decrypter (Emsisoft)
GlobeImposter is a Globe copycat that imitates the ransom notes and file extension found in the Globe ransomware kit. Encrypted files have the extension *.crypt and the base name of the file is unchanged. The ransom note is named “HOW_OPEN_FILES.hta” and can be found in all folders that contain encrypted files.

February 2nd, 2017 | Ransomware

NMoreira Ransomware Decrypter


If your computer has been infected by the NMoreira Ransomware, below is a decryption tool that you can use to decrypt your data. If you are unsure about how to proceed give us a call at 319-227-7000 so we can schedule a time to take care of this for you.

NMoreira Decrypter (Emsisoft)
Use this decrypter if your files have been renamed to either *.maktub or *.__AiraCropEncrypted! and you find a ransom note named either “Recupere seus arquivos. Leia-me!.txt” or “How to decrypt your files.txt” on your system.


February 2nd, 2017 | Ransomware

OzozaLocker Ransomware Decrypter


If your computer has been infected by the OzozaLocker Ransomware, below is a decryption tool that you can use to decrypt your data. If you are unsure about how to proceed give us a call at 319-227-7000 so we can schedule a time to take care of this for you.

OzozaLocker Decrypter (Emsisoft)
Use this decrypter if your files have been renamed to *.locked and you find a ransom note named “HOW TO DECRYPT YOU FILES.txt” on your desktop. Double clicking an encrypted file will also display a message box instructing you to contact “[email protected]”. To use the decrypter you will require an encrypted file of at least 510 bytes in size as well as its unencrypted version. To start the decrypter select both the encrypted and unencrypted file and drag and drop them onto the decrypter executable.
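To pick the right decrypter, the extension and ransom-note indicators listed in the posts above (MRCR, Marlboro, GlobeImposter, NMoreira, OzozaLocker) can be checked together across a folder tree. This is an added example, not code from Emsisoft or the original posts; `triage` is a hypothetical helper, names are matched case-insensitively as an assumption, and Globe3 and OpenToYou are left out because the page gives no fixed extension or note pair for them.

```python
import os

# Indicators as listed in the decrypter descriptions on this page (lowercased).
FAMILIES = {
    "MRCR": {"ext": (".pegs1", ".mrcr1", ".rare1", ".merry", ".rmcm1"),
             "notes": ("your_files_are_dead.hta",)},
    "Marlboro": {"ext": (".oops",),
                 "notes": ("_help_recover_files_.html",)},
    "GlobeImposter": {"ext": (".crypt",),
                      "notes": ("how_open_files.hta",)},
    "NMoreira": {"ext": (".maktub", ".__airacropencrypted!"),
                 "notes": ("recupere seus arquivos. leia-me!.txt",
                           "how to decrypt your files.txt")},
    "OzozaLocker": {"ext": (".locked",),
                    "notes": ("how to decrypt you files.txt",)},
}

def triage(root):
    """Return {family: (encrypted_file_count, note_found, confidence)}."""
    hits = {name: [0, False] for name in FAMILIES}
    for _dirpath, _dirs, files in os.walk(root):
        for fname in files:
            low = fname.lower()
            for name, ind in FAMILIES.items():
                if low in ind["notes"]:
                    hits[name][1] = True
                elif low.endswith(ind["ext"]):
                    hits[name][0] += 1
    report = {}
    for name, (count, note) in hits.items():
        if count or note:
            # Extensions such as .locked or .crypt are generic, so only an
            # extension hit plus the matching ransom note counts as "high".
            confidence = "high" if (count and note) else "low"
            report[name] = (count, note, confidence)
    return report

if __name__ == "__main__":
    import sys
    for family, result in triage(sys.argv[1]).items():
        print(family, result)
```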


February 2nd, 2017 | Ransomware