Ransomware : A new kind of Maleware

Ransomware is a kind of malware (malicious software) that criminals install on your computer so they can lock it from a remote location. 
Ransomware generates a pop-up window, webpage, or email warning from what looks like an official authority. It explains that your computer has been locked because of possible illegal activities on it and demands payment before you can access your files and programs again.
e.g.

How do criminals install ransomware?

Ransomware is usually installed when you open a malicious email attachment or when you click a malicious link in an email message or instant message or on a social networking site or other website. Ransomware can even be installed when you visit a malicious website.

How do I avoid ransomware?

There are several free ways to help protect your computer against ransomware and other malware:
  • Keep all of the software on your computer up to date. Make sure automatic updating is turned on to get all the latest Microsoft security updates.
  • Keep your firewall turned on.
  • How do I remove a ransomware infection from my computer?
    Here are two methods on how you may be able to remove a ransomware infection from your computer.
    Method 1: Use the Microsoft Safety Scanner

    Before you begin, you will need to have access to a computer that is not infected and is connected to the Internet, so you can download a copy of the Microsoft Safety Scanner.

    Try to restart your computer in safe mode. Here's how:
    In Windows 7
    In Windows Vista
    In Windows XP
    If you are able to restart your computer in safe mode, run the Microsoft Safety Scanner in your computer.
    Restart your computer after running the Microsoft Safety Scanner.
    If this resolves your ransomware infection, follow these steps to take once your computer has been cleaned.
    If this does not resolve your ransomware infection, follow Method 2.
    Method 2: Use Windows Defender Offline

    Before you begin: you will need to have access to a computer that is not infected and is connected to the Internet, so you can download a copy of Windows Defender Offline.

    The way Windows Defender Offline works, is by allowing you to:

    Download a copy of the tool from a computer that has access to the Internet
    Save a copy of the recovery tool to a removable drive, in order to create bootable media
    Run the recovery tool on a compromised computer
    Note: Windows Defender Offline is not a replacement for a full antivirus solution providing ongoing protection. It is meant to be used in situations where you cannot start or scan your infected computer due to a virus or other malware actively running on the computer and impeding antimalware software.

    Here's how to use Windows Defender Offline:

    Determine if you require the 32-bit or 64-bit download. See the Microsoft Help and Support article for instructions on how to check if your infected computer is running a 32- or 64-bit version of Windows.
    Using a computer that can connect to the Internet, download the version of the Windows Defender Offline that applies to your infected computer.

    If your computer is a: 

    - 32-bit computer, then download the 32-bit version here. 
    - 64-bit computer, then download the 64-bit version here.

    Note: For the recovery tool to be effective, make sure you download the version that matches your infected computer. For example, if your 64-bit desktop is affected, you will need to download the 64-bit version of Windows Defender Offline and save it to a removable drive.
    Save the downloaded file to a local drive on your computer.
    Launch the downloaded file, and create a bootable device by following the instructions on the wizard. We recommend creating a bootable USB or CD; if you create a bootable USB, this can be updated for future use.
    From the infected computer, boot from the USB or CD you created in step 4. You may need to set the boot order in the BIOS to do this. This is device specific, so if you are unsure, refer to your system manual or manufacturer.
    Follow the prompts to run a full system scan. Depending on the outcome of the scan, your next steps will vary. Follow the prompts from Windows Defender Offline to manage any threat detections.
    If this resolves your ransomware infection, follow these steps to take once your computer has been cleaned.

0 comments: