Dealing with a Ransomware Attack: A full guide

Dec 01, 2021
Okay, you've been attacked by ransomware. Every week I get Twitter messages, Facebook messages and emails from people saying: hey, I've been infected, or my friend has been infected. This video will be a complete guide to dealing with ransomware. We are going to take you step by step and tell you everything you need to know about what to do if you are attacked by ransomware. Everything shown in this video is going to be absolutely free, so these are all the steps you need to take before you resort to any kind of professional help.

The first thing you will want to do is block infected computers on the network, because there's a lot of ransomware out there; I would say 90% of the threats I see these days will encrypt your network drives too. So even if one machine on your network gets infected, it will most likely encrypt files on all of your systems. What you want first is to isolate that system. You can block the traffic using your firewall, you can disconnect it from your network, or you can go the older route and just disconnect it. But do what you have to do to prevent the ransomware from doing any more damage while you're watching this video.
Another thing to keep in mind is that there is a lot of ransomware that encrypts in real time, so anything new you transfer to the system will also be encrypted. This is again a classic error: some people try to restore from backup while the ransomware is still active, and it encrypts the files they restore. So the first thing you want is to stop the ransomware from running. It's great if you can get in there and stop the process itself, but if all you can think of is disconnecting the system, that's fine. Just do what you need to do to get rid of the ransomware executable active on the system.

You can do it with anti-malware software, but again I advise caution when doing this step, because some scanners are not very good when it comes to removing just the ransomware executable; they can delete crucial data or your key file, making your files forever undecryptable. So be careful when you are running your scans, and don't delete any key files, text files or ransom notes, any of those things. Just delete the ransomware executable. Obviously you can use any number of second-opinion scanners for this.
I have HitmanPro and Emsisoft Emergency Kit as well. But hey, my files are encrypted, what do I do about that, Leo? Don't worry, we're going to talk about that right now and I'll give you a live demo. We'll go ahead and actually infect this system with ransomware, and we will talk about what you can do with your encrypted files.

The first thing you should do is check whether your ransomware has been cracked, because security researchers have cracked a lot of ransomware and made cracks publicly available for free that you can use to restore your files. There is an amazing site that allows you to identify what ransomware you have and whether it is cracked or not. It is called ID Ransomware, and you can find it at id-ransomware.malwarehunterteam.com. This website was developed by Demonslay, who is one of my colleagues, and it is very easy to use. You can upload your ransom note here; that would be the text file that tells you that you are infected by ransomware. It could be an HTML file or something, essentially the visual you see. Or you can go ahead and upload a sample encrypted file.

To start off, I'm going to infect the system with ransomware that I know is cracked, so I'll go ahead and try running Jigsaw on the system.
Now obviously it is a very old ransomware that uses a static key and is therefore easy to crack. I also made a video showing exactly how you can recover the static key and decrypt the ransomware; you can go ahead and watch it if you want. In this video I'm just going to run it on the system, encrypt our files and see what happens from there.

So I ran the ransomware and, as you can see, the data in our Documents folder is now encrypted and we have a .fun extension. What I'm going to do is go to ID Ransomware. We're going to find a sample encrypted file, just go ahead and select this one, and we'll click upload. And boom, there it goes: it immediately gets the result, it identifies the ransomware as Jigsaw and says that this ransomware is cracked. At this point, if you found out that the ransomware you have is decryptable, don't pay the ransom, don't do anything else, because there is a tool that can decrypt your files for free. This will probably be the fastest method to restore your data.

You can go ahead and click here for more information on Jigsaw, and as you can see we directly have a link to download the Jigsaw decryptor. You can go ahead and download that. These are very easy tools to operate: you just need to scan the folders for encrypted files, you can add a custom folder like that, and then you can go ahead and click decrypt. Once this is done, as you can see, our data is restored.

Now you have to keep in mind this is the best-case scenario. Not all ransomware is decryptable; in fact, most of the big ones aren't, and that's why they're so successful. Now I'll show you what happens if we get hit by ransomware that isn't cracked. We'll go ahead and run Spora, which I know for sure isn't cracked. As you can see, our computer is now infected and it has this HTML ransom note file. What you want to do, again, in ID Ransomware is provide a sample encrypted file or the ransom note. Since I used that option last time, I'll just show you what it does with the ransom note. We'll go to the desktop, select the HTML file, and click upload. As you can see here, it tells you that this ransomware has no way of decrypting the data right now.

At this point your best bet is your backup. If you have offline backups, your data should be protected. Again, if you followed the first tip and unplugged the computer the moment you realized your files were being encrypted, the damage should be fairly contained and you should be able to restore from backup.

Now, oddly enough, a lot of people contact me and say that they don't particularly care about their data; they just want to get their system up and running, they just want to get rid of the ransomware. In that case, the ransomware is not particularly hard to remove. Again, you can use any kind of second-opinion scanner, like the ones on the desktop; there are plenty of perfectly good scanners that will detect and remove ransomware with no problem. The only problem is that you will have to remove the encrypted data and replace it with new copies, assuming obviously that you have them. If you don't store a lot of personal information on your desktop, maybe you just have it in Google Drive or you use Apple iCloud, then obviously this isn't a big deal. Programs and stuff like that can just be replaced; I mean, you can just download them again if they're encrypted. Most of the time ransomware doesn't focus on things like that anyway.

But now let's talk about the worst case. The worst case is that you have lots of valuable data, your system has been attacked by ransomware like this which cannot be decrypted, and you have no backup copies.
The backups were stored on some sort of connected network drive and were encrypted as well. In this particular case, you can click here to get notified if there's any development regarding this ransomware. If you go ahead and provide your email address, you'll essentially be notified if, say, [unclear] or some police agency manages to trace the ransomware back, find the command and control servers, and get the keys that way. Of course, the probability of such an event cannot be speculated on. Many of these ransomware attacks are coming from Russia and from countries that might be outside the jurisdiction of many of the agencies that crack down on ransomware. As I said, it's the worst-case scenario for a reason. At this point all you can do is hope that at some point the ransomware gets cracked.

The only other option you obviously have is to pay the ransom. If you go ahead with that route, many people advise dealing with the ransomware authors, because many times they will come down from the price they quote you first. You can ask them for a demo, you can pay them a small amount up front and they will send you their decryptor, and then maybe you can get a security researcher to save you a lot of time and money when it comes to restoring your systems. Now, I would definitely not recommend doing that. Please don't pay the ransom, because that's what drives this industry.
I know that in some situations people have no choice and do it anyway. If you're doing it, it's much better to check with security researchers up front rather than just trying to hide the fact that you are doing it and then getting into more trouble that way. But again, I do not recommend paying the ransom. Please don't, if you can help it.

That will be all for this video. I hope you found it helpful and I hope it answers all your ransomware questions. If I have missed anything important, feel free to point it out below, or if you have any questions, please let me know. Please like and share the video if you enjoyed it. A lot of people who are attacked by ransomware have no idea that these services exist, or that there are a lot of free decryptors out there for them, and that there are sites like ID Ransomware that you can use on your own and without professional help. Many people just don't have access to good advice on cyber security threats, so please share the video. The goal here is to have a high-quality guide for people who are attacked by ransomware, to give them all the help they need to get started and as much as they can do for themselves for free before they need to consult professional help, and I think in many cases it can be a great help. Thank you so much for watching. Don't forget to subscribe to The PC Security Channel and, as always, stay informed, stay safe.