How I Survived a Ransomware Attack Without Paying

Ransomware is a relatively new hacking method that has made headlines in recent years. It is basically a method of locking all or most of your files with encryption. To get your files back, you are required to make a payment (most likely in cryptocurrency) within a specified period of time. Paying ransomware hackers is not recommended: it incentivizes further attacks, there is no guarantee that your files will be unlocked even if you pay, and the hacker may leave malicious software on your computer for future exploits.

I was hit with ransomware just the other day. Most files were affected. It would have been a nightmare if I had not taken certain measures prior to the attack. I’d like to share them with you here in the hope that, if you are unfortunate enough to get struck with this insidious attack, you will be protected.

Not all of the files on the hard drives connected to the computer were infected with the virus, but most were. Each directory where the virus took hold had a _readme file that read:

ATTENTION!

Don’t worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-jzgjeYI5Sl
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:
helpteam@mail.ch

Reserve e-mail address to contact us:
helpmanager@airmail.cc

Your personal ID:
0298SirjFckbB8yGjQaRWbao7NZwCbH8m6W0PDDT6DfkKK76

Well, isn’t that nice. They tried to keep me calm by saying, “Don’t worry, you can return all your files!” right off the bat. And they even offered to decrypt a file for free. On top of that, I can get a 50% discount on the decryption software if I contact them within 72 hours. Wow! I have never met such nice hackers.

Here’s how to avoid these jerks messing with your life.

  • Keep a backup of all your important files on a drive that is not connected to the computer you use daily.
  • Be extremely cautious when downloading files from file sharing sites. Don’t, if you can avoid it.
  • I use 2 desktop computers and 1 laptop. One of the desktops and the laptop are strictly for work use, the other is for higher risk activity such as downloads. So if I have to do a clean hard drive wipe because of a virus, I don’t lose my work files on my main PC.
  • Don’t download or open files in attachments or on websites you are not sure about. I made this mistake.
  • Do regular virus scans.

In the end, I had to delete all affected files. These were primarily documents and media files. No program or system files were impacted. This was probably a fairly mild form of ransomware, but I can still see how it could have a devastating effect if no backups were made. The ransomware was unleashed on my files by the installation of a media player. As soon as the app was opened, the virus encrypted the files. It was not easy to uninstall the player since it did not appear in the list of programs with the uninstall option. This is a clear sign of malicious software. So I ran a few antivirus tools: Malwarebytes, HouseCall from Trend Micro, and UnHackMe. I also went through all the directories and deleted any unusually named files.
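Going through every directory by hand is slow, so here is an added example (not part of the original post) that walks a folder tree and lists the directories holding a ransom note like the one quoted above. It assumes the note's file name contains `_readme` and that its text includes the phrases "ATTENTION!" and "Your personal ID:"; the function names, the sample tree and the `.example-locked` extension are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Phrases taken from the ransom note quoted in the post; all must be present.
NOTE_MARKERS = ("ATTENTION!", "Your personal ID:")

def is_ransom_note(path, max_bytes=65536):
    """True if the name contains '_readme' and the text holds every marker (assumes UTF-8/ASCII)."""
    if "_readme" not in os.path.basename(path).lower():
        return False
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read(max_bytes)
    except OSError:
        return False  # unreadable file: skip it instead of aborting the scan
    return all(marker in text for marker in NOTE_MARKERS)

def find_affected_dirs(root):
    """Map each directory holding a note to a Counter of its other files' extensions,
    so an unfamiliar extension shared by many files stands out (a hint, not proof)."""
    affected = {}
    for dirpath, _dirs, filenames in os.walk(root):
        notes = {f for f in filenames if is_ransom_note(os.path.join(dirpath, f))}
        if notes:
            affected[dirpath] = Counter(
                os.path.splitext(f)[1].lower() for f in filenames if f not in notes)
    return affected

def make_constructed_sample(root):
    """Build a small constructed tree: one hit directory and one clean one."""
    files = {
        "docs/_readme.txt": "ATTENTION!\nYour personal ID:\nPLACEHOLDER-ID\n",
        "docs/report.docx.example-locked": "x",  # constructed extension
        "docs/photo.jpg.example-locked": "x",
        "clean/_readme.md": "Project notes, not a ransom note.\n",
        "clean/notes.txt": "x",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_constructed_sample(tmp)
        for directory, extensions in find_affected_dirs(tmp).items():
            print(directory, dict(extensions))
```

The resulting list is the set of directories to restore from the disconnected backup once the infected machine has been cleaned.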

Bottom line is this:

  • Always back up your important files, either on external drives, in the cloud, or both.
  • If you are able, have a separate computer for downloads and another for work. If the downloads do not prove to be dangerous then you can move them to your work computer via USB memory.
  • DO NOT CONNECT EXTERNAL DRIVES TO THE COMPUTER WHERE YOU DOWNLOAD FILES
  • Install antivirus software.

If you do this, you will be able to do a clean re-install on the infected computer (not your primary computer), or delete the encrypted files. All in all, it took less than a couple of hours to get back up and running.

If you had an experience with ransomware, please share it in the comments below.

 
