Thursday 21 May 2015

Decrypt locked files with Ransomware rescue kit

A security researcher has made a Ransomware Removal Kit available online in the hope that it will help security professionals and system administrators alike in responding to instances of ransomware infection.
The toolkit is useful for decrypting variants of CryptoLocker, TeslaCrypt, and CoinVault, three of the nastiest and most popular ransomware strains in circulation.

Instead of paying the ransom, security professionals and system administrators should remove the infected system from a network in order to prevent the infection from spreading. They can then attempt to identify which strain of ransomware has infected their systems, at which point they can determine how best to remove the malware from the infected unit.
Cyrus also recommends creating a copy of the ransomware for future analysis, as it may be needed to decrypt affected files.
It is critical that the right tool is used to decrypt files. If not, there is a possibility that files will become corrupt or overwritten, rendering them useless. If possible, once the threat is removed, restore points and backups should also be used to return systems to the safe state they were in before the infection surfaced.
To avoid becoming a victim of ransomware, remain wary of emails sent by unverified senders, keep systems up-to-date and fully patched, and consider using antivirus software to stop infection in its tracks.
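
The warning above about the wrong tool corrupting or overwriting files is the reason to preserve the encrypted files before any decryption attempt. The following is an added example, not part of the kit or of the original post: it copies the affected files to a separate location with a SHA-256 manifest, detects which working files a failed attempt has altered, and puts the preserved copy back. The function names and the `.enc` sample files are hypothetical, and the evidence directory is assumed to sit on separate storage outside the affected tree.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def preserve(src, evidence):
    """Copy every file under src into evidence/files and write a SHA-256 manifest."""
    Path(evidence).mkdir(parents=True, exist_ok=True)
    manifest = {}
    for p in sorted(Path(src).rglob("*")):
        if p.is_file():
            rel = p.relative_to(src).as_posix()
            dest = Path(evidence) / "files" / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, dest)  # copy2 keeps timestamps for later analysis
            manifest[rel] = sha256_file(dest)
    (Path(evidence) / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def changed(src, evidence):
    """List files whose working copy no longer matches the preserved hash."""
    manifest = json.loads((Path(evidence) / "manifest.json").read_text())
    return [rel for rel, digest in manifest.items()
            if not (Path(src) / rel).is_file() or sha256_file(Path(src) / rel) != digest]

def restore(src, evidence, rel):
    """Put the preserved encrypted copy back so a different tool can be tried."""
    shutil.copyfile(Path(evidence) / "files" / rel, Path(src) / rel)

def demo():
    # Constructed sample data: two stand-ins for encrypted files.
    with tempfile.TemporaryDirectory() as tmp:
        src, ev = Path(tmp, "disk"), Path(tmp, "evidence")
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "a.enc").write_bytes(b"ciphertext-a")
        (src / "b.enc").write_bytes(b"ciphertext-b")
        preserve(src, ev)
        (src / "b.enc").write_bytes(b"garbage from wrong tool")  # simulated damage
        damaged = changed(src, ev)
        restore(src, ev, damaged[0])
        return damaged, changed(src, ev)
```

Run `preserve` once before the first decryption attempt; running it again after a failed attempt would overwrite the good copies with damaged ones.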
