Ransomware is a new-generation threat that uses a strong encryption algorithm to encrypt some or all of your computer files.
Hackers use phishing emails, RDP vulnerabilities and cracked software in order to enter your infrastructure.
Then they launch the encryption trojan to lock your files, while the malicious hacker holds the only key for decryption.
The ransomware reseller or controller, after all your files are encrypted, asks you to pay a ransom in order to decrypt your files.
Sometimes you will be blackmailed to pay not just once but many times in order to get your files back.
Ransomware teams are ruthless and will try to extort as much money as they can from you, in the form of bitcoin or other cryptocurrencies.
Sometimes they demand huge amounts and even when they get paid, they ask for more.
You can never be sure.
Sometimes they also give you a certain timeframe in which you need to pay, and if you don’t, they double the price.
But even if you don’t pay, they will threaten to release your data to the public.
Keep calm and consult an expert ransomware incident response team to advise you, so that the incident is resolved fast and you do not lose time or money.
Are there different families of Ransomware?
Yes, there are many and they have different characteristics and behaviours.
Some of the most popular Ransomware Families are the following:
These are some of the best known encryption trojans.
Removing an Encryption Trojan and restoring the data is not possible for all of them, because there are big differences in the versions of the Trojans.
There are some first steps that you can take before you consult a specialized ransomware incident response team.
- Shut down your computer or server as soon as possible with the normal shut-down process.
  - DO NOT power down your computer or server via the power-off button, as this may cause damage beyond repair
  - Ransomware usually works in serial order from file to file, so you may save some files
- Disconnect your computer or server from any kind of network, LAN or WAN
  - This step will prevent further infection of files around the network.
- Remove all your external drives from the infected computer
- Disconnect any shared resources such as NAS devices or shared computers on the local area network
- Create a full image of the infected machine, or at least copy all the encrypted files to an external drive
  - It is highly recommended to use a live CD to create a full image of the system
  - Some ransomware viruses demand that you have your system intact, which is why we recommend creating a full image
- Do not contact the hacker or the person who demanded the ransom
  - Mistakes happen in the communication, and common sense does not work in most cases
  - You may make irreversible mistakes during the negotiation
- Do not remove the ransomware virus yourself
  - Lots of ransomware families have antivirus detection scripts that may cause further damage to your system
  - When some ransomware detects that you are trying to implement security measures, it may cause irreparable damage to your files
- Do not pay the ransom the attacker demands
  - Even if you pay, you do not know if you are getting your files back
  - They may blackmail you for more payments, as they understand that they can extract more from you
  - They may take the money and disappear without any notice
- If you haven’t worked with a ransomware incident before, you should leave this process to an expert.
  - Your IT Administrator is usually not an expert in ransomware and might cause further damage
  - The TictacLabs Ransomware Incident Response team can help the management and your IT team take important and valuable decisions that will save you time and money
  - In most cases we can help you recover 100% of the files and reduce your downtime
  - We can advise you on how to secure your infrastructure after the incident
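
The imaging step from the list above, as an added example that is not TictacLabs' own code: a shell function, meant to be run from the live environment, that copies a source to an image file, confirms that both SHA-256 digests match, and refuses to overwrite an existing image. The function names, file names and the 3 MiB stand-in disk are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: copy a disk (or any readable file) to an image and prove
# the copy is bit-identical before anyone works on the original again.

sha256_of() {
    # Print only the hex digest of the file or device given as $1.
    sha256sum < "$1" | cut -d' ' -f1
}

image_and_verify() {
    iv_src=$1    # on a real case: the infected disk as seen from the live system
    iv_dest=$2   # image file on a separate, clean external drive

    if [ ! -r "$iv_src" ]; then
        echo "cannot read source: $iv_src" >&2; return 2
    fi
    if [ -e "$iv_dest" ]; then
        # Never overwrite an earlier image; it may be the only good copy.
        echo "refusing to overwrite: $iv_dest" >&2; return 3
    fi

    # Read-only pass over the source; nothing is written back to it.
    dd if="$iv_src" of="$iv_dest" bs=1048576 2>/dev/null || return 4

    iv_h_src=$(sha256_of "$iv_src")
    iv_h_img=$(sha256_of "$iv_dest")
    if [ "$iv_h_src" != "$iv_h_img" ]; then
        echo "hash mismatch, image is not a faithful copy" >&2; return 5
    fi

    # Record the digest next to the image and make the image read-only.
    printf '%s  %s\n' "$iv_h_img" "$(basename "$iv_dest")" > "$iv_dest.sha256"
    chmod a-w "$iv_dest"
    echo "$iv_h_img"
}

# Constructed demo: a 3 MiB file of random bytes stands in for the disk.
demo_dir=$(mktemp -d)
head -c 3145728 /dev/urandom > "$demo_dir/fake_disk.bin"
image_and_verify "$demo_dir/fake_disk.bin" "$demo_dir/evidence.img"
rm -rf "$demo_dir"
```

Any later analysis or decryption attempt should run against a copy of the image, with the recorded digest used to confirm that the original image has not changed.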
A ransomware attack and being held hostage is a very unpleasant surprise for everybody, especially if your backups are encrypted too.
TictacLabs started as a Data Recovery company in Europe (Greece) and since 2016 has specialized in helping organizations decrypt files from ransomware in the fastest and most secure way possible.
TictacLabs is a company founded in 2001 and we have helped many companies around Europe recover their data from any incident, including Ransomware.
- Expertise in Ransomware Decryption and Ransomware data recovery since 2016
- A personal engineer is assigned to your case who can advise you on performing the correct actions
- Your data is confidential and we respect that since we are GDPR compliant with ISO27001/ISO9001
- We have a specialized Data Recovery Department, and we have been offering IT Support since 2008 and cyber security solutions since 2016
- We have a 24/7 emergency service in case this is requested
- We have helped hundreds of organizations recover their files fast but also secure their infrastructure after the incident.
What can I do if my computer is infected by Ransomware?
This depends on the variant of the ransomware that infected your system.
Some ransomware strains can be decrypted for free, some have vulnerabilities and we have worked with hundreds of different variants.
You can contact our Ransomware Incident Response team for a free consultation.