Report about Ransomware (cryptofile virus)

Security measures against Ransomware

The aim of this report is to warn about the dangers of this virus and to give some security advice for preventing an infection and its consequences. This report applies to UPF computers and also to your personal devices.

Contents:
What is Ransomware?
How can the infection happen?
Basic prevention measures
Concrete measures for prevention
Annex

What is Ransomware?

It is a malicious computer program that can block access to your computer and damage your files. It also affects USB devices or network databases that are connected to your computer. This virus encrypts your files and makes them unusable, and they can only be recovered if a backup copy was made beforehand. The virus will ask you to pay a ransom for releasing the cryptographic protection, followed by several fake alerts with a payment form. This activity has been very successful around the world and it also finances other criminal activities. Moreover, nobody guarantees that paying the ransom will release your files.

How can the infection happen?

As with other viruses, a Ransomware infection can be avoided by following a basic security guide. Here are some of the most common infection methods.

1. Spam/Phishing messages: Phishing messages (identity theft) try to trick users by asking for personal data or asking them to click on an attached file, which is infected.
2. Malicious code from another program: It can get in through another downloaded program (a Torrent file or similar) that carries the virus.
3. Web Exploit/Kits: It can get in if you click on some advertising banners or through some plugin.
4. Predictable or easy passwords: Some systems try to connect to your computer using generic user names and passwords. Once the program is connected, it installs the malicious virus.

Basic prevention measures

Here you can find some basic measures to avoid this kind of infection.

1. Make backup copies of your important data periodically.
   Options for making these copies are:
   a. Through your cloud: Drive, Dropbox, OneDrive, Mega copies…
   b. Through an external hard disk drive: Copies on an external hard disk drive that you work with and then disconnect from your computer.
   c. Remember: the IT Service makes backup copies of your network data, but not of your (C:\) files.
2. Keep your computer constantly updated (operating system and apps): Every time the operating system asks you to install an update (Windows Update), do it. And when a program (Adobe Flash, etc.) asks you to update, do it.
3. Keep your Windows firewall activated.
4. Use Google's anti-spam services: The mail system identifies most spam. In case it doesn't, mark the fake messages as spam to help the system learn to identify it.
5. Show file extensions: This way you can identify a file with a double extension (for example "file.pdf.exe") and see whether it is a malicious file.
6. Keep the System Restore option activated: This option lets you recover system files if they are infected.

Concrete measures for prevention

The most common infection methods to prevent are these:

● Spam/Phishing messages
● Malicious code from another program

It is important to remember that the infection depends on the user's interaction (voluntary or not) with the virus. So, by following these instructions it is possible to avoid infections.

1. Be suspicious of mail messages that come from a known sender but show some of these characteristics:
   a. It is not well written.
   b. It shows serious spelling or grammatical mistakes.
   c. The text is written in different languages or seems translated with an external program.
   d. The text mixes masculine and feminine pronouns.
   e. The text is written in a style that is not usual for the author who is sending it.
2. Be suspicious of mail messages from companies that don't have any link with the addressee.
3. Be suspicious of mail messages without text but with an attached file.
4. Be suspicious of mail messages without greetings that only ask you to open an attached file.
5. Don't open any executable attached file.
6. Always save the attached files and check that those files are the correct ones (no double extension).
7. Surf the internet through safe websites.
8. Use ad-blocking programs, like ublock or adblock.
9. Don't download illegal programs.
10. When you download a program, please read all the steps properly and uncheck everything you aren't interested in.

Please take these instructions seriously and spend the necessary time to follow them in your daily work. If you have any doubt, please contact the IT Service.

Response procedure when the infection has been detected

Once you have been infected, please follow these instructions:

1. Turn off your computer.
2. Contact the IT Service and report the infection.
3. Explain as precisely as possible how the infection happened. As users work in global networks, it is very important to find the original source of the infection in order to clean it and avoid future ones.

How can you recover files?

Network disks: The IT Service will restore the most recent copy.
Local files (C:\): recovery is possible:

● If a backup copy exists on a hard disk that wasn't connected at the moment when the infection happened.
● If a copy of the file exists on Dropbox / Drive: These programs allow recovering "previous versions" of your files, which aren't infected.
● System Restore must be turned on and configured correctly.

For these reasons it is very important to have a copy of your documents. This is the best way to recover your files.

Paying the ransom is not recommended in any case.

If you need more information or some help about how to apply one of these measures, please contact the IT Service.
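
The two attachment checks described in the prevention measures above (no executable attachments, no double extension such as "file.pdf.exe") can be automated over a list of saved file names. This is an added example, not part of the original report; the two extension sets and the sample names are assumptions chosen for illustration.

```python
# Added example: classify attachment names by their real (last) extension.
# Both extension sets are illustrative assumptions, not lists from the report.
import re

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

# Constructed sample names, as they might appear in a downloads folder.
SAMPLE_NAMES = [
    "report.pdf",
    "file.pdf.exe",
    "Invoice.DOCX.SCR",
    "setup.exe",
    "notes.v2.txt",
    "C:\\Users\\me\\Downloads\\photo.jpg.exe. ",
]


def extensions(name: str) -> list[str]:
    """Return every extension of the base name, lower-cased, in order."""
    base = re.split(r"[\\/]", name)[-1]
    # Windows drops trailing dots and spaces when it stores a file name.
    base = base.rstrip(". ").lower()
    return ["." + part for part in base.split(".")[1:]]


def classify(name: str) -> str:
    """Return 'double-extension', 'executable' or 'ok' for one file name."""
    exts = extensions(name)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # The last extension decides what Windows runs; an earlier document-like
    # extension only makes the name look harmless when extensions are hidden.
    if any(ext in DECOY_EXTS for ext in exts[:-1]):
        return "double-extension"
    return "executable"


def scan(names: list[str]) -> dict[str, str]:
    """Map each suspicious name to its verdict; names judged 'ok' are left out."""
    verdicts = {name: classify(name) for name in names}
    return {name: v for name, v in verdicts.items() if v != "ok"}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_NAMES).items():
        print(f"{verdict:17} {name}")
```
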