- Top >
About Ransomware
What is Ransomware?
Ransomware is a virus that infects a PC or smart phone encrypting its files or locking its screen and then demands money in exchange for restoring the PC or smart phone to normal, when a file attached to an e-mail is opened or when a URL in the e-mail is clicked.
It may also encrypt files not only on the infected terminal, but those stored on a shared server or external HDD.
How can I prevent infection?
Applying a patch program to Windows or other OS.
Please be sure to use the latest security update program such as Windows Update.
Updating the definition file of your virus protection software.
Update the definition file of each virus protection software.
Check with each vendor to find out if the virus protection software you use detects each Ransomware.
Being wary of attached files or links in suspicious e-mail.
Be careful to never open files attached to, or to click links shown in, suspicious e-mail.
∗ In addition to taking infection protection measures such as updating software, etc., you should regularly back-up your files or store them isolated from your PC or server.
What if I am infected?
Using decrypting tools
Decrypting tools that security companies distribute, or that security researchers have developed are used to restore encrypted files to normal.
Recovering backup files or those stored in cloud storage.
If your files are regularly backed up, you restore them, or if you use cloud storage, you restore them using its restoration function.
Restoring files from a volume shadow copy.
Using [System Restore], which is enabled as the default on Window 7 or Windows 10, you may be able to restore your files using volume shadow copy (VSS: one backup function”).
According to the Ransomware, some are deleted but some remain.
Using deleted file restoration tools.
Some types of Ransomware do not erase files by overwriting them before it encrypts them and changes their extensions.
If files are not erased by overwriting, a deleted files restoration tool may restore the files.
Restoring a volume shadow copy with a restoration tool.
This is a method of restoring the above volume shadow copy with a deleted file restoration tool to restore the files to normal.
∗ But it seems to be impossible to apply the last three resolution methods to many recent advanced Ransomwares.
Last-Modified: January 21, 2020
The content ends at this position.