How to remove the Ransomware and recover your files.


For several days, many people have been contacting me to ask how to recover files infected by ransomware, so I decided to write this post to explain how to carry out the process and recover your files. First of all, I should clarify that I have not had any experience with this type of virus; this post is a compilation of the best posts, which are taken from recognized sites and will be in italics, with the original links in the heading of each section. My own texts and personal opinions will be in this font.
What is Ransomware?
Ransomware is malicious software that, once it infects our computer, gives the cybercriminal the ability to lock the PC from a remote location and encrypt our files, taking control of all stored information and data. To unlock it, the virus displays a pop-up window asking us to pay a ransom.
Example image of a PC infected by ransomware:
How does Ransomware work?
1) It is camouflaged inside another file or program that the user finds desirable and is invited to click on: email attachments, videos from pages of doubtful origin, or even updates to systems and programs that are in principle trustworthy, such as Windows or Adobe Flash.
2) Once it has penetrated the computer, the malware activates, locks the entire operating system and displays the warning message with the threat and the amount of the "ransom" that has to be paid to recover all the information. The message may vary depending on the type of ransomware we face: pirated content, pornography, fake virus...
3) To heighten the victim's uncertainty and fear, the threat sometimes includes the IP address, the Internet provider and even a photograph captured from the webcam.
How to avoid Ransomware?
The practices for avoiding infection by this malware are the same ones we must follow to avoid other viruses.
- Keep our operating system updated to avoid security flaws.
- Have a good antivirus product installed and always keep it updated.
- Do not open emails or files from unknown senders.
- Avoid browsing unsafe pages or pages with unverified content.

Ransomware in Windows.

This guide provides instructions and a link to download and use the latest Trend Micro Ransomware File Decryptor tool to try to decrypt files encrypted by certain types of ransomware. As an important reminder, the best protection against ransomware is to prevent it from ever reaching your system. While Trend Micro is constantly working to update our tools, ransomware programmers are also constantly changing their methods and tactics, which can make older versions of tools like this one obsolete over time. Customers are advised to follow these safety practices:
1) Make sure you have regular backups of your most important and critical data, offline or in the cloud.
2) Make sure you are always applying the latest critical updates and patches for your operating system and other key system software (e.g. browsers).
3) Install the latest versions and best-practice configurations of security tools such as Trend Micro to provide multi-layer security.
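The first practice above, regular backups, only pays off if the copy is still intact when you need it, since ransomware that reaches a mounted backup share corrupts the copy as well as the original. The following Python script is an added example, not code from the original post or from Trend Micro: it copies a directory tree, records a SHA-256 manifest alongside the copy, and later verifies the copy against that manifest so that a silently overwritten backup is noticed before it is needed. The manifest file name and the sample files are assumptions constructed for the demonstration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "manifest.json"  # assumed name for this example, not from the page


def sha256_of(path: Path) -> str:
    """Hex SHA-256 of a file, read in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def make_backup(source: Path, dest: Path) -> dict:
    """Copy every file under source into dest and write a manifest of their hashes.

    Returns the manifest mapping (relative path -> SHA-256) that was written.
    """
    manifest = {}
    for path in source.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(source).as_posix()
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)  # copy2 keeps timestamps, useful for later triage
        manifest[rel] = sha256_of(target)  # hash the copy, not the source
    (dest / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify_backup(dest: Path) -> list:
    """Return relative paths of backed-up files that are missing or whose hash changed."""
    manifest = json.loads((dest / MANIFEST_NAME).read_text())
    damaged = []
    for rel, expected in manifest.items():
        target = dest / rel
        if not target.is_file() or sha256_of(target) != expected:
            damaged.append(rel)
    return damaged


def demo() -> tuple:
    """Constructed scenario: back up two files, verify, then overwrite one copy and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "src"
        dst = Path(tmp) / "backup"
        (src / "docs").mkdir(parents=True)
        # Constructed sample content, not real documents.
        (src / "docs" / "report.docx").write_bytes(b"PK\x03\x04 constructed sample document")
        (src / "notes.txt").write_text("constructed sample notes\n")
        make_backup(src, dst)
        clean = verify_backup(dst)  # expected: [] (everything matches)
        # Simulate the backup copy being overwritten, as happens when ransomware
        # reaches a backup location that is still writable from the infected host.
        (dst / "notes.txt").write_bytes(b"\x00garbage")
        tampered = verify_backup(dst)  # expected: ["notes.txt"]
        return clean, tampered


if __name__ == "__main__":
    print(demo())
```

Keep the manifest, or a copy of it, somewhere the backup host cannot modify; a manifest that lives only beside the copy can be rewritten together with the files it describes, which is why the offline copy recommended above matters.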
Types of Ransomware supported.
The following table shows the ransomware versions supported by this tool.
[Table not reproduced here; its column header read "Extension of the encrypted file".]
1. Click the Download button to get the latest version of the Trend Micro Ransomware File Decryptor tool. Uncompress (unzip) it and then run RansomwareFileDecryptor.exe or TeslacryptDecryptor.exe.
Download RansomwareFileDecryptor
Download TeslacryptDecryptor
2. After running it, accept the license to proceed.
3. After accepting the license, follow step by step what the tool tells you.

Anti-Ransomware

Due to the advanced encryption used by this particular crypto-ransomware, only partial data decryption is currently possible for files affected by CryptXXX V3.
The tool will try to repair certain file formats after the decryption attempt, including DOC, DOCX, XLS, XLSX, PPT and PPTX (common Microsoft Office formats).
The repaired file will have the same name as the original file with "_fixed" appended to the file name and will be placed in the same location. When you open the repaired file with Microsoft Office, it may show a message offering to try to repair the file again, and this process may be able to recover the document.
Keep in mind that, due to the different versions and particular behaviours of Microsoft Office files, this method does not guarantee that the document will be completely recovered. For other files, after partial data decryption, users may have to use a third-party corrupted-file recovery tool (such as the open-source program JPEGsnoop) to try to recover the entire file.
An example of this would be a photo or image file that was partially recovered: it may show parts of the image, but not the whole image. A user can then determine whether the file is important enough to use a third-party tool or to request the assistance of a professional file recovery service.
Image before being infected:

Image after recovery:

Linux Ransomware

Windows is the most widely used operating system on the network, so most developers, like hackers, usually release their applications for this system. However, little by little the market share of Linux, especially in professional environments and on servers, continues to grow, which increasingly draws the attention of attackers looking to exploit this operating system.
Ransomware is one of the most dangerous types of malware of recent times. When this malware infects a user, it automatically begins to encrypt all of their data, so that the only way to recover it is by paying a "ransom", with no guarantee that, even if we pay these criminals, we will receive the decryption key.
Until now, this type of malware only affected Windows users, who already had a hard enough time defending themselves against this threat, since it is difficult to identify and remove even for the main antivirus products. However, Windows users may no longer be the only ones affected.
Doctor Web, a major Russian security company, has detected the first ransomware threat for Linux users, focused especially on infecting and hijacking servers used to host web pages. This threat, named Linux.Encoder.1 by the security company, is written in the C language and uses the PolarSSL library to establish secure connections that cannot be intercepted; it then installs itself as a system service, or daemon, before starting its dreaded work.
How does this Ransomware work?
Once running on the system, this new malware scans the file system looking for the directories mainly used for developing and hosting web pages. Once they are found, it begins to encrypt all the files hosted there, along with all the documents, personal files and multimedia files found on the computer or server. For encryption it uses the AES-CBC-128 algorithm.
When it finishes its task, it creates a text file with the instructions needed to recover the files, as well as the payment address and the amount to be paid, which in this case is 1 Bitcoin.
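The two traces described above, files whose contents have been replaced by ciphertext and a small text note with payment instructions, are what an administrator of a web server can look for when triaging a suspected infection. The following Python script is an added example, not code from the original post, Doctor Web or Bitdefender: it walks a directory tree, flags files whose bytes have near-maximal Shannon entropy (AES-CBC output is practically indistinguishable from random bytes, unlike HTML, source code or documents), and separately flags small text files that read like a ransom note. The entropy threshold, the note keywords, the ".encrypted" suffix and the sample tree are assumptions constructed for the demonstration, not indicators taken from Linux.Encoder.1; the generalisation is that entropy triage works for any ransomware family that encrypts whole files, but a packed binary or a compressed archive also scores high, so the result is a candidate list for a human, not a verdict.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed thresholds and indicators for this example; tune for a real environment.
ENTROPY_THRESHOLD = 7.5     # bits per byte; ciphertext approaches 8.0, text sits around 4-5
SAMPLE_BYTES = 64 * 1024    # hash only the head of each file to keep the scan fast
NOTE_MAX_SIZE = 16 * 1024   # ransom notes are small text files
NOTE_KEYWORDS = ("bitcoin", "decrypt", "ransom")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of the given data (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def looks_like_ransom_note(path: Path) -> bool:
    """True when a small file contains at least two of the note keywords."""
    try:
        if path.stat().st_size > NOTE_MAX_SIZE:
            return False
        text = path.read_text(errors="ignore").lower()
    except OSError:
        return False
    return sum(keyword in text for keyword in NOTE_KEYWORDS) >= 2


def scan_tree(root: Path) -> dict:
    """Classify files under root into probable ciphertext and probable ransom notes."""
    findings = {"encrypted": [], "notes": []}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if looks_like_ransom_note(path):
            findings["notes"].append(rel)
            continue
        with path.open("rb") as fh:
            head = fh.read(SAMPLE_BYTES)
        # Very small files give unreliable entropy estimates, so skip them.
        if len(head) >= 256 and shannon_entropy(head) >= ENTROPY_THRESHOLD:
            findings["encrypted"].append(rel)
    return findings


def build_sample_tree(root: Path) -> None:
    """Constructed sample data: a plain web page, a random blob standing in for a
    ciphertext, and a note. None of this is taken from a real infection."""
    (root / "public_html").mkdir()
    (root / "public_html" / "index.html").write_text(
        "<html><body>Hello world</body></html>\n" * 40)
    # os.urandom stands in for AES-CBC output: both are near 8 bits/byte.
    (root / "public_html" / "photo.jpg.encrypted").write_bytes(os.urandom(4096))
    (root / "README_FOR_DECRYPT.txt").write_text(
        "Your files are encrypted. Send 1 bitcoin to the address below to decrypt them.\n")


def demo() -> dict:
    """Build the constructed tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Run the scanner from a clean rescue environment rather than from the possibly still-infected host, and treat the "encrypted" list as a starting point for comparing against the last verified backup.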
Reach of this Ransomware.
Home users are also at risk from this ransomware.
Although the main targets of this ransomware are web page servers, home users are not free from danger. According to security experts, this malware can easily be ported to infect and attack all types of equipment, for example NAS devices, which are increasingly common in home environments as a server or network mass-storage system.
Luckily, not everything is as simple as it seems. Thanks to the Linux permissions system, running this malware on a Linux server or computer requires root permissions, so if we keep control of the superuser account it is easier for us to avoid being affected by this malware, unless the malware exploits a privilege-escalation vulnerability or is run manually with those permissions.
How to recover my files in Linux?
Bitdefender is the first security vendor to release a decryption tool that automatically restores the affected files to their original state. The tool determines the IV and the encryption key just by analyzing the file, then performs the decryption, followed by fixing the file permissions. If you can boot the compromised operating system, download the script and run the program as the root user.
To download the tool and learn how to run it, we invite you to read this BitDefender post.
We must clarify that after your system has been infected by ransomware, it is advisable to take a backup of your data and format the system to be sure that the virus is no longer on the PC. After restoring your data to the new system, it is recommended to scan it with your antivirus software.

Recommendations:

1) Try to create restore points and backup copies of your files at least twice a week.
2) Be cautious when running a program or script; only do it if the site it comes from is reliable.
3) Use good antivirus software (if you are a Windows user), such as Kaspersky, ESET NOD32 Smart Security and ClamAV (RECOMMENDED), since the latter is also available for GNU/Linux and is open source.
4) Use Firefox and follow the browsing techniques in these posts: How to navigate anonymously without being tracked and Privacy and security in the network.
5) In addition to the tools mentioned above, we can use these other tools, which serve the same purpose, in case the previous one does not give us the expected results: Petya
6) Use GNU/Linux as the operating system.
Hackerbrother