Archive for August, 2017

 

The latest 2017 Ransomware and what to do about it.

 

The latest mid-year ransomware is a serious threat, and every computer is vulnerable. The serious threat prevention tools in Windows are exclusive to Microsoft’s enterprise customers and online Exchange users in Office 365. The new threat is called Petya or NotPetya, but names are not important; what matters is the actions of the rogue code. The new Petya strains are not particularly new either, but the techniques are new.

How do the new virus strains get on your computer?

  1. by stealth download from your browser: an exploit kit is downloaded behind the scenes to infect the vulnerable system.
  2. by email attachments and links, such as Word documents, resumes, fake documents etc.

How do I know I am infected?

  1. you will get an infection pop-up message or warning, sometimes demanding money
  2. you may not get any warning message; if you suspect you may be infected, seek professional IT help from an MCP (Microsoft Certified Professional) to carry out best-practice diagnosis and removal procedures to mitigate the risk of data encryption or MBR lockdowns.

What to do after you get a warning message and a ransom demand or similar.

  1. shut down your computer by pressing the power button and remove any network and power cables and the battery.
  2. do *NOT* attempt to click off the warning message
  3. do *NOT* attempt to run a virus scan, because it will encrypt all your files and possibly the master boot record, rendering your drive non-bootable

What to do before you get infected

  1. follow the 3-2-1 rule. Back up your data in an automated, regular fashion to two locations, including an offsite backup if you have very important files, financial and customer records, or family history in the form of photographs.
  2. get an annual maintenance and security checkup by an experienced and certified IT technician.

If you get the ransom warning message or a fake message like the one shown below, your system may not yet be encrypted or your drive might not yet be locked via the MBR. Get help from an experienced computer tech at this stage to help prevent loss of data and system.

fake warning after restarting system following infection by ransomware


We do provide preventative bug removal via our online remote access service. It’s completely safe! We are based in Australia. Call today or email.