Dealing with a Ransomware Attack: A full guide

Captions
All right, so you've been attacked by ransomware. Every week I get Twitter messages, Facebook messages, emails from people saying, "Hey, I've been infected, or my friend has been infected, here's a picture of the encrypted files, what can I do about it?" So this video is gonna be a full guide of dealing with ransomware. We're gonna go step by step, and I'll tell you everything you need to know about what you should be doing if you're attacked by ransomware. Everything shown in this video is gonna be absolutely free, so these are all the steps that you should take before you resort to any kind of professional help.

The very first thing you'll want to do is lock down infected computers in the network, because a lot of ransomware, I'd say 90% of the threats I see these days, will encrypt your networked drives. So even if one of the machines on your network gets infected, it's very likely that it will encrypt files on all your systems. So the first thing: you want to isolate that system. You can obviously block network traffic using your firewall, you can disconnect it from your network, or you can just go the most old-fashioned route and just pull the plug out. Okay, that's fine, but do whatever you have to do to stop the ransomware from causing further damage while you're watching this video.

Another thing to keep in mind is a lot of ransomware encrypts in real time, so whatever new files you transfer onto the system will be encrypted as well. This is again a classic mistake that some people make: they try to restore from backup and the ransomware is still active, and it encrypts the files that they restore. So the very first thing: you want to stop the ransomware from running. It's great if you can go in there and stop the process itself, but if all you can think of is unplugging the system, that's fine, just do that.

You want to get rid of the active ransomware executable on the system. You can do it with anti-malware software, but again, I advise caution when you're going through this step, because some scanners are not very good when it comes to removing just the ransomware executable. They might remove crucial data or your key file, making your files undecryptable forever. So be careful when you're running your scans, and don't remove any key files or text files or ransom notes, any of that stuff. Just remove the ransomware executable. You can obviously use any number of second-opinion scanners for this. I've got HitmanPro and Emsisoft Emergency Kit here.

I know what you're thinking right now: "All this is good, but hey, my files are encrypted, what do I do about that, Leo?" And don't worry, we're gonna talk about that right now, and I'm gonna give you a live demonstration. So we're gonna go ahead and infect this system with some ransomware, and we will talk about what you can do about your encrypted files.

So the very first thing you want to do is check if your files are decryptable, because a lot of ransomware has been broken into by security researchers, and they have made decryptors available publicly for free that you can use to restore your files. Now, there's an amazing site that allows you to identify what ransomware you have and whether or not it's decryptable, and it's called ID Ransomware. So you can just go ahead and search for it; it's id-ransomware.malwarehunterteam.com. This website was developed by Demonslay, who's one of my colleagues, and it's very easy to use. So you can either upload your ransom note over here, so that's the text file that tells you that you're infected by ransomware, it could be an HTML file or something like that, essentially the visual thing that you see, or you can go ahead and upload a sample encrypted file.

So to kick things off, I'm gonna infect the system with ransomware that I know is decryptable. So we're just gonna go ahead and try and run Jigsaw on the system. Now, this is obviously a very old ransomware. It uses a static key and thus can be easily broken into. I've also made a video showing you exactly how you can retrieve the static key and decrypt ransomware; you can go ahead and watch that if you like. But in this video I'm just gonna run it on the system, we'll get our files encrypted, and we'll see what happens from there.

So I've executed the ransomware, and as you can see, the data in our Documents folder is now encrypted and we've got a .fun extension. So what I'm gonna do is go to ID Ransomware. We're going to browse for a sample encrypted file, just go ahead and select this one, and we'll click on upload, and boom, there you go. Immediately you get the result: it identifies the ransomware as Jigsaw, and it says this ransomware is decryptable. At this point, if you figured out that the ransomware you have is decryptable, do not pay the ransom, don't do anything, because there is a tool out there that can decrypt your files for free. Now, this is likely going to be the fastest method to restore your data. So you can go ahead and click here for more information about Jigsaw, and as you can see, we directly have a link to download the Jigsaw decryptor here. You can go ahead and download that. And these are very easy tools to operate: you just need to scan the folders for encrypted files, you can just add a custom folder like so, and then you can just go ahead and click on decrypt. Now, once this is done, as you can see, our data is restored.

Now, you have to keep in mind that this is a best-case scenario. So all the ransomware out there isn't decryptable; in fact, the majority of the big hitters aren't. That's why they're so successful. So now I'm going to show you what happens if we're hit by ransomware that's not decryptable. So we'll go ahead and run Spora, which I know for a fact isn't decryptable, and as you can see, now our computer is infected. You've got this HTML ransom note file. So what you want to do again on ID Ransomware is either provide a sample encrypted file or the ransom note. Since I used this option last time, I'll just show you what it does with the ransom note. So we'll just go to the desktop and select the HTML file and click on upload, and as you can see here, it tells you that this ransomware has no way of decrypting the data at this time.

So at this point your best bet is your backup. So if you have backups of your data offline, those should be protected. Again, if you took the first advice and disconnected the computer at the moment you figured out that your files are being encrypted, the damage should be fairly contained and you should be able to restore from backup.

Now, funnily enough, a lot of people do contact me who say that they don't particularly care about their data, but they just want their system to be operational; they just want to get rid of the ransomware. Now, in that case, ransomware, it's not particularly hard to remove. Again, you can use any kind of second-opinion scanners like the ones on the desktop. There are plenty of perfectly serviceable scanners; they'll detect and remove ransomware, no problem. The only issue is you'll just have to delete the encrypted data and replace it with new copies, assuming you have them. Obviously, if you don't store a lot of personal information on your desktop, maybe you just have them on a Google Drive or you just use Apple iCloud, then obviously this is not too much of an issue. Programs and things like that can just be replaced; I mean, you can just download them if they're encrypted. Most of the time ransomware, it doesn't target things like that anyway.

But now let's talk about the worst-case scenario. So the worst-case scenario is you have a lot of valuable data on your system, you've been attacked by ransomware like this, which is not decryptable, and you don't have backups; backups were stored in some kind of connected network drive and those have been encrypted as well. So in this particular case, you can just click here to be notified if there's any development regarding this ransomware. So if you just go ahead and provide your email address, essentially you're going to get notified if, let's say, Europol or some police agency manages to crack down on the ransomware, find the command and control servers, and obtain the keys that way. Of course, the likelihood of such an event cannot be speculated. A lot of these ransomware attacks come from Russia and from countries that might be outside the jurisdiction of a lot of the agencies that crack down on ransomware. As I said, it's the worst-case scenario for a reason. At this point, all you can do is just hope that at some point the ransomware is cracked into.

The only other choice you have is obviously paying the ransom. If you go ahead with that route, a lot of people advise actually negotiating with the ransomware authors, because a lot of the time they will come down from the price that they quote you first. You can ask them for a demo, you can pay them a small amount upfront and they will send your decryptor, and then maybe you can get a security researcher to save you a lot of time and money when it comes to restoring your systems. Now, I would definitely not recommend doing that. Please don't pay the ransom, because that's what fuels this industry. I know in some situations people have no choice and they do it anyway, so if you are doing it, it's much better if you consult with security researchers upfront rather than just try and hide the fact that you're doing it and then get into more trouble that way. But once again, I do not recommend paying the ransom. Please don't do it if you can help it.

That's going to be it for this video. I hope you found it useful, I hope it answers all your questions about ransomware. If I've missed out anything important, feel free to point it out in the comments below, or if you have any questions, let me know. Please like and share the video if you enjoyed it. A lot of people who get hit by ransomware have no idea that these services exist, or that you have a lot of free decryptors out there, and there are sites like ID Ransomware that you can use on your own and without any professional help. A lot of people just don't have access to good advice regarding cyber security threats, so please share the video. The objective here is to have a high-quality guide for people who get attacked by ransomware, just give them all the help they need to get started, everything that they can do on their own for free before they need to consult professional help, and I think in a lot of cases it can help out massively. So thank you so much for watching, don't forget to subscribe to The PC Security Channel, and as always, stay informed, stay secure. [Music]
Info
Channel: The PC Security Channel
Views: 417,000
Keywords: TPSC, The PC Security Channel, security, cybersecurity, Internet Security, test, malware, prevention, detection, AntiMalware, tutorial, virus, trojan, PUP, Ransomware, finance, antivirus, review, free, backup, protection, Decrypt Ransomware, Ransomware Decryptor, Infected by Ransomware, Remove Ransomware, Restore files encrypted by ransomware, Ransomware Recovery, Dealing with a ransomware attack: A full guide, Ransomware Recovery Guide, Ransomware Guide, Ransomware Help
Id: g0yXmQx89x4
Length: 10min 1sec (601 seconds)
Published: Wed Dec 18 2019