Recently we have been facing far more cyberattacks than before, because the world is moving into the digital era. Attacks from ordinary viruses or malware are old-fashioned now: they could only damage your system and its data, with no benefit to the attacker. This is why ransomware came into the picture and spread its terror.
I experienced a ransomware attack twice in the past few months, and the first time I could not protect the data, but as Lauren Conrad said:
"You never make the same mistake twice. The second time you make it, it is no longer a mistake. It is a choice."
So, you must be prepared to make the same mistake twice and that's exactly what I did.
How Ransomware Attacked My Friend's System?
A few weeks ago my friend called me to help him with some document work, and he did not have Microsoft Office installed on his laptop. To help him, I went over to his place, and so that we could work smoothly with the documents, I downloaded the MS Office Suite 2016 from one of the popular torrent websites I was aware of.
After downloading, it suggested purchasing a product key to use it to its full, but I was not ready to pay. So I tried to find a cracked version of MS Office or any software that could crack its product key. I found one on a random site via Google. I downloaded it, installed it, and when I opened it, it didn't do anything. I tried opening it several times and it did not work. I found it useless, but I was not aware of what it had brought us.
After this unsuccessful try, I suggested my friend work on my laptop instead, as I have a licensed MS Office installed. The next day, when I went to his place and finalized the document on his laptop, I noticed that some of his laptop's files were not showing their icons. At first I thought it was processing that was delaying the loading of some files in a folder, but after looking at it properly it became clear to me that the files were encrypted and an extension (.aeur) had been added to all the files in all the folders.
Also, there was a _readme.txt file present in all the folders of both the drives created on the laptop. Below is the screenshot of the content of the file -
We knew there was nothing we could do now, so we finally re-installed the OS and lost all the files.
How Did I Repeat The Mistake And Welcome Ransomware?
After three weeks, I downloaded license-cracking software from a random website to crack a password reset tool, in order to reset the password of my old laptop, which I had forgotten. After downloading the file, I thought for two minutes about the consequences and decided to give it a shot, and voila: nothing happened. That meant the ransomware had started working behind the scenes, which I had predicted. To check whether any file was impacted, I looked at the files and saw no impact, but very soon I saw unusual behavior in the running processes.
I understood that I had very little time to save my data and I did my best to protect it, but it took me more than an hour to realize that the file encryption had started, and around two and a half hours to remove all the malicious files and viruses.
How To Recognize Malicious Files?
Whenever you look for third-party software on Google, make sure to download it from trusted websites such as Softonic, CNET, etc. If you do download software from a suspicious website, you can still figure out whether it puts your system at risk.
Things To Notice After You Download Any Software From An Untrusted Website -
- If you have a web firewall active on your system, the downloaded file will be blocked automatically, unless it is a password-protected zip file, which the firewall cannot inspect.
- Even if you let the app stay on your system, if it is a directly executable file (.exe on Windows), the chances of it being a threat are lower.
- If the software is zipped and the zip file is not password protected, that is a good sign of trustworthy software; if it is password protected, you will usually find the password somewhere on the website. You are still safe if you did not recognize the ransomware and merely unzipped the files, since extracting does not run them.
- The executable file you extract from such a zip has the highest chance of being malware, which nowadays is usually ransomware. So I strictly suggest you never open or execute it.
What If You Executed The Extracted File? How To Protect The System Now?
Once you have executed the extracted file and noticed that nothing visible happened but something was loaded, the ransomware has been activated and the malware now has the job of encrypting all the files on your system.
As soon as this happens, turn off the network. Once you disable Wi-Fi on your laptop/computer, the ransomware cannot do anything.
Earlier, when ransomware was just starting its career, attackers used to write the encryption logic into the executable file itself. Against those attacks, preventive applications were developed, and you could also find apps to decrypt the files, but not anymore. Nowadays, encryption happens online, and for this reason it stops once the network is disabled.
Measures To Follow To Prevent File Encryption -
- Disable your Wi-Fi or network.
- If you are using Windows, open Windows Security and find Exclusions. In Windows 10: search for Windows Security, click Virus & threat protection, click Manage settings under Virus & threat protection settings, scroll down to Add or remove exclusions and open it. You may find a list of processes that the malware has excluded so that Windows Defender cannot detect it while scanning.
- Remove all the entries from the exclusions and scan the system.
- While the scan is in progress, open Task Manager and open Resource Monitor from the bottom of the Performance tab.
- Check whether any unusual process is running under Memory, Disk, and Network, and suspend that process.
- Once Windows Defender has scanned all the files and folders, it will quarantine all the malicious files and protect your system, but if you do not trust it, you can also try alternative antivirus software.
- In my case, I used Malwarebytes, whose trial version works for two weeks with full features enabled.
I was able to kill all the malware, protect myself from the ransomware threat, and save 25% of my data. If only I had known the right steps at the right time, I could have saved 100% of my data.
The files encrypted by ransomware could get any of many extensions (.nooa, .aeur, .moqs, .gujd, .zzla, etc.). You may never be able to decrypt the files after encryption is done, so I strongly recommend following proper preventive measures and keeping your system safe.
As a backup measure, you can configure OneDrive and Google Drive on your system to back up your data to the cloud smoothly, so that even if something bad happens, you can recover your data.
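The measures above, as an added PowerShell triage script for Windows 10 that is not part of the original post: run from an elevated PowerShell prompt, it cuts the network, dumps and removes Defender exclusions, lists processes running from user-writable folders, counts encrypted files and ransom notes, and starts a full scan. The extension list and the `$ScanRoot` folder are assumptions taken from the post's own examples.

```powershell
# Added example (not from the original post): automates the post's manual steps.
# Run from an elevated PowerShell prompt on Windows 10.
$Extensions = @('.aeur', '.nooa', '.moqs', '.gujd', '.zzla')   # extensions the post names (assumed list)
$ScanRoot   = 'C:\Users'                                        # assumed folder to survey

# 1. Cut the network so the ransomware cannot reach its server.
Get-NetAdapter | Where-Object Status -eq 'Up' | Disable-NetAdapter -Confirm:$false

# 2. Show and remove any Defender exclusions; malware adds these to hide from scans.
$pref = Get-MpPreference
foreach ($p in $pref.ExclusionPath)      { "Excluded path: $p";      Remove-MpPreference -ExclusionPath $p }
foreach ($p in $pref.ExclusionProcess)   { "Excluded process: $p";   Remove-MpPreference -ExclusionProcess $p }
foreach ($e in $pref.ExclusionExtension) { "Excluded extension: $e"; Remove-MpPreference -ExclusionExtension $e }

# 3. List processes whose image lives in user-writable folders, a typical sign of a
#    dropper delivered through "cracked" software. Inspect before stopping anything.
Get-Process | Where-Object { $_.Path -and $_.Path -match '\\(AppData|Temp|Downloads)\\' } |
    Select-Object Id, ProcessName, Path | Format-Table -AutoSize
# To stop one of them after inspection: Stop-Process -Id <pid> -Force

# 4. Count encrypted files and ransom notes to measure how far the encryption has got.
$files     = Get-ChildItem -Path $ScanRoot -Recurse -File -ErrorAction SilentlyContinue
$encrypted = $files | Where-Object { $Extensions -contains $_.Extension.ToLower() }
$notes     = $files | Where-Object { $_.Name -eq '_readme.txt' }
"Encrypted files: $($encrypted.Count)   Ransom notes: $($notes.Count)"
$encrypted | Group-Object Extension | Select-Object Name, Count

# 5. Launch a full Defender scan; review what was quarantined afterwards with Get-MpThreatDetection.
Start-MpScan -ScanType FullScan
```

Step 3 only lists candidates; a legitimate updater can also run from AppData, so check each path before stopping a process.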
I hope this helps you to protect against ransomware. Thanks for reading!