Ransomware: Introduction, Prevention and Trend Micro Security Solutions
Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to restore access to their systems, or to get their data back.
Ransomware can be downloaded by unwitting users who visit malicious or compromised websites. It can also arrive as a payload, either dropped or downloaded by other malware. Some ransomware are delivered as attachments to spammed email.
Once executed in the system, a ransomware can either (1) lock the computer screen or (2) encrypt predetermined files with a password.
In the first scenario, a ransomware shows a full-screen image or notification, which prevents victims from using their system. This screen also provides instructions on how users can pay the ransom.
The second type of ransomware encrypts files including word processing documents, spreadsheets, photos and other important files.
The cybercriminals behind ransomware make use of online payment methods such as Ukash, PaySafeCard, MoneyPAK or Bitcoin as a way for users to pay the ransom. However, paying the ransom doesn't guarantee the cybercriminal will restore your system or files to you.
Get the latest news and information on ransomware from our Security Intelligence blog here.
Watch our video on Ransomware here.
- Always check who the email sender is
If the email is supposedly coming from a bank, verify with your bank if the message is legitimate. If the email came from a personal contact, confirm if your contact sent the message. Do not rely solely on trust by virtue of relationship, as your friend or family member may be a victim of spammers as well.
- Double-check the content of the message
There are obvious factual errors or discrepancies that you can spot. Example, if your bank or a friend claims that they have received something from you, try to go to your recently sent items to double-check their claim. Such spammed messages can also use other social engineering lures to persuade users to open the message.
- Refrain from clicking links in email
In general, clicking on links in email should be avoided. It is safer to visit any site mentioned in email directly. If you have to click on a link in email, make sure your browser uses web reputation to check the link, or use free services such as Trend Micro Site Safety Center.
- Always ensure your software is up-to-date
Currently there are no known CryptoLocker that exploits vulnerabilities to spread, but it can’t be ruled out in the future. Regularly updating installed software provides another layer of security against many attacks.
- Backup important data
There is no known tool to decrypt the files encrypted by CryptoLocker. One good safe computing practice is to ensure you have accurate backups of your files. The 3-2-1 principle should be in play: three copies, two different media, one separate location. Windows has a feature called Volume Shadow Copy that allows you to restore files to their previous state, and is enabled by default. Cloud storage services (such as SafeSync) can be a useful part of your backup strategy.
Trend Micro™ Security offers protection against Ransomware by blocking these threats from possible points of infection. It prevents access to dangerous websites, including harmful links from social networks, spam and email messages. Most importantly, it detects and deletes Ransomware variants if found in the system.
- Open your Trend Micro Security software main console by doing one of the following:
- Double-click the Trend Micro desktop shortcut
- Double-click the Trend Micro icon on the system tray
- Click Settings.
- If you've secured your settings with a password, a popup appears. Please enter your password to continue, then click OK.
- Under Scan Preferences, tick the following settings:
- Scan for threats when opening, saving or downloading files
- Protect documents against unauthorized encryption or modification.
- Back up files encrypted or modified by suspicious programs.
- Click Apply, then click OK.
How do I use Folder Shield?Learn about the Folder Shield feature of your Trend Micro Security software. Follow the instructions on how to use Folder Shield in this article: Using the Folder Shield feature of Trend Micro Security
I am running an older version, how can I upgrade to get this feature?Learn how to upgrade your Trend Micro program to the latest version for free. Follow the instructions on how to upgrade in this article: Upgrading Trend Micro Security to the latest version
There are two (2) types of Ransomware: Lock Screen which limits the users from accessing the computer and Crypto (File Encryption) which encrypts files to limit users from accessing their files.
- Download our free Trend Micro™ Ransomware Screen Unlocker Tool to eliminate Lock Screen. Follow the instructions on how to use the tool in this article: Downloading and using Trend Micro™ Ransomware Screen Unlocker Tool
- Download our free Decrypt Tool to attempt to retrieve files encrypted by a Crypto Ransomware.
Follow the instructions on how to use the tool in this article: Downloading and Using the Trend Micro Ransomware File Decryptor
Or manually restore encrypted files after a Crypto Ransomware infection. Follow instructions in this article: Restoring encrypted files after CryptoLocker Ransomware infection
On April 8th, 2014, Microsoft formally announced the Windows XP end of support. Because Microsoft no longer fixes issues on Windows XP, it has become increasingly difficult for Trend Micro to keep users safe on this operating system. While our internet security products can be installed on Windows XP, we encourage all of our users to upgrade their PCs to a more modern operating system which will provide greater stability and security. You can refer to this article for more information.
Last Updated: Sep. 20, 2016 3:06 AM (PST)
Solution ID: 1099580