How to deal with Ransomware Like Petya or WannaCry
The short answer is to do a combination of things such as perform a reliable backup, make sure your PC is protected and use automated removal tools if the worst happens. These things can be a solid defence against the growing menace of Ransomware.
Ransomware does not sneak into your PC like ordinary malware does. It suddenly appears and demands cash, otherwise it may encrypt all the files on your Windows PC.
A form of Ransomware similar to Petya has attacked Ukraine and other sites around the globe, encrypting files until a ransom has been paid. Researchers, though, have moved quickly to block the spread of the Ransomware, also known as Petrwrap, exPetr, Petna, and SortaPetya.
There is no real way to remove Petya Ransomware, but researchers have come up with a few ways to immunise your Windows PC and malware companies are working hard to block it completely.
We will just have to wait a while until these ‘solutions to the threats’ are applied to defeat the current crop of Ransomware.
Petya is the second major Ransomware outbreak in the last two months, following WannaCry, which appeared to leverage software that the National Security Agency developed and that was then turned into malware. It struck the U.K. National Health Service as well as several banks and other organisations.
Ransomware Hits You Where It Hurts – So Prepare Well Against Possible Attacks
A few common-sense habits can help limit your exposure to malware and Ransomware.
Keep your computer up to date via Windows Update. WannaCry doesn’t even try to attack Windows 10, choosing instead Windows XP and other older Windows operating systems.
Ensure you have an active firewall and anti-malware solution in place. Windows Firewall and Windows Defender are barely adequate, so a good third-party anti-malware solution is far better. WannaCry patches are already available, even for Windows 8 and Windows XP.
Ensure that Adobe Flash is turned off, or surf with a browser like Google Chrome, which turns it off by default.
Turn off Microsoft Office macros if they happen to be enabled. (In Office 2016, you can ensure they are off from Options – Trust Center – Trust Center Settings – Macro Settings.)
Never open questionable links, either on a webpage or especially in an email. The most common way you will encounter Ransomware is by clicking on a bad link. Likewise, stay out of the bad corners of the Internet. A bad ad on a legitimate site can still inject malware if you are not careful, but the risks greatly increase if you end up surfing where you should not.
For dedicated anti-malware protection, consider Malwarebytes 3.0, which is advertised as being capable of fighting Ransomware. RansomFree has also developed what it calls anti-ransomware protection. Typically, however, anti-malware programs reserve anti-ransomware for their paid commercial suites.
You can download free anti-ransomware protection like Bitdefender’s Anti-Ransomware Tool, but you will only be protected from four common variants of ransomware. Kaspersky also claims that it can block Petya or Petrwrap by simply rolling back changes via its System Watcher component.
Backing Up Your PC Could Be a Good Strategy
Ransomware encrypts and locks up the files that are most precious to you so there’s no reason to leave them vulnerable. Backing them up is a good and solid strategy.
Take advantage of the free storage provided by OneDrive, Google Drive and others, and back up your data frequently. (But beware, your cloud service may back up infected files if you don’t act quickly enough.)
Better yet, invest in an external hard drive, such as the WD 1TB Elements Portable External Hard Drive, to hold a “cold storage” copy of your less-frequently accessed data. Perform an incremental backup every so often, then detach the drive to isolate that copy of your data.
If You Are Infected
How do you know you have Ransomware? You will just know. Ransomware tends to be obvious: the imagery associated with most Ransomware is designed to invoke stress and fear in its victims.
Don’t panic. Your first move should be to contact the authorities, including the police and the UK’s National Fraud and Cyber Crime Reporting Centre. Then ascertain the scope of the problem, by going through your directories and determining which of your user files is infected. (If you do find your documents now have odd extension names, try changing them back – some Ransomware uses “fake” encryption, merely changing the file names without actually encrypting them.)
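A read-only way to make the check described above, as an added example that is not part of the original article: it looks at each file's first bytes for an intact format header (renamed only) and otherwise measures how random the content looks (likely encrypted). The `.locked` suffix, the sample files and the 7.5 bits-per-byte threshold are assumptions made for the illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Well-known leading "magic" bytes of common document formats.
MAGIC = {
    "pdf": b"%PDF-",
    "png": b"\x89PNG\r\n\x1a\n",
    "jpeg": b"\xff\xd8\xff",
    "zip/docx/xlsx": b"PK\x03\x04",
    "doc/xls (OLE2)": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
}

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(path, sample=65536):
    """Read-only check: return (verdict, detected_format_or_None)."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    for fmt, sig in MAGIC.items():
        if head.startswith(sig):
            return "renamed-only", fmt      # original header is intact
    # No known header: near-random bytes suggest encryption (heuristic only).
    if len(head) >= 4096 and entropy(head) > 7.5:
        return "likely-encrypted", None
    return "unknown", None                  # e.g. plain text or a tiny file

def demo():
    """Run triage over constructed sample files; '.locked' is a made-up suffix."""
    samples = {
        "report.pdf.locked": b"%PDF-1.4\n" + b"constructed sample\n" * 100,
        "photo.jpg.locked": os.urandom(8192),   # stands in for ciphertext
        "notes.txt.locked": b"plain notes\n" * 500,
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(body)
            results[name] = triage(path)
    return results

if __name__ == "__main__":
    print(demo())
```

A "renamed-only" verdict means renaming a copy of the file back to its original extension is worth trying; "unknown" covers formats with no fixed header, such as plain text, which need to be opened and inspected by hand.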
Identification and Removal
If you have a paid anti-malware solution, scan your hard drive and try contacting your vendor’s tech support and help forums. Another excellent resource is NoMoreRansom.com’s Crypto-Sheriff, a collection of resources and Ransomware uninstallers from Intel, Interpol, and Kaspersky Lab that can help you identify and begin eradicating the Ransomware from your system with free removal tools.
If All Else Fails
If you have good copies of your data saved elsewhere, online and on an external hard drive, all you may need to do is reset your PC, reinstall all your applications and restore your data from the backups.