STOP RANSOMWARE IN ITS TRACKS
Force ransomware to unlock your files for free
If the worst happens and ransomware sneaks past your AV’S defences, never pay the ransom, no matter how alarming the threat. Security firms race to release free decryption tools whenever new ransomware is discovered. The best tools can foil several types of ransomware.
For example, Trend Micro’s free Ransomware File Decryptor ( www. snipca.com/24494) can release files locked by Cryptolocker, Locky, Cerber, Wannacry and more. It works in all supported versions of Windows (7, 8.1 and 10) and even helps unlock Windows XP PCS. To get it, scroll down the page then click the blue Download Ransom ware file de crypt or button. Extract the program file from the ZIP, run it as administrator and then click Agree to launch it. You can tell it which ransomware has locked your files, or click ‘I don’t know the ransomware name’ then direct it to a file or folder you want it to decrypt.
During the decryption process the tool might display a message that says, ‘Some files need more information to continue’. This means that the tool needs to compare the encrypted file to a similar file on your PC that hasn’t been locked by ransomware. Click ‘click here’ and a new box will open where you’ll be asked to ‘Select an infected file’ and ‘Select a non-infected file’. The infected file should be the file you’ve already attempted to decrypt. When specifying the non-infected file, try to select a similar file type (so a Word document, if the encrypted file is a Word document) and select as large a file as possible.
Double your defences with a ransomware scanner
Tools designed to spot and stop ransomware-style behaviour in real time tend not to be free. For example Cryptoprevent ( www.snipca.com/24491), launched in the wake of Cryptolocker and updated to version 8 a couple of months ago, now charges $15 (£11.50) a year for automatic ransomware detection that won’t conflict with your AV.
That said, Cybereason Ransomfree ( https://ransomfree.cybereason.com) is a great free option. This new tool runs in the background, constantly watching for processes that try to interact with your files. It even sets ‘honeytraps’ to lure suspected ransomware into giveaway behaviour – such as the mass encryption of files – then instantly kills the offending process. Unlike your AV and Cryptoprevent, Ransomfree doesn’t use definitions to detect ransomware – it goes purely by behaviour. This means it may be able to spot ransomware that hasn’t been identified yet. To get it, go to the website, click Free Download then run the installer. Once installed it runs automatically when you boot your PC. It uses about the same memory as your AV and less than your browser (especially Chrome), so shouldn’t notably impact your system.
Spot and stop dodgy processes
To spot invaders that are hogging your PC’S bandwidth and sending unusual amounts of data back to internet servers, use the free program Process Network Monitor ( www.snipca.com/24496). It displays a list of processes that are communicating with websites, then lets you quickly check them against known malware threats on the Virustotal ( www. virustotal.com) and Processlibrary ( www.processlibrary.com) databases. To get it, go to the link above, then wait a few moments until the line ‘You are downloading Process Network Monitor, here is your Download Link’ appears. Click the words Download Link. Don’t click any Download buttons (they’re adverts).
If you think a miscreant is ‘phoning home’ from your PC, chop off its internet connection using the new tool Net Disabler ( www.snipca.com/24499). This tiny portable program offers three ways to instantly block your PC’S internet connection: disable your router, block DNS and pull up your Windows Firewall drawbridge. Use them all at once to cut off life-support for malware so that ransomware worms and botnets can’t infect your PC.