Wednesday, March 29, 2017
C-t: Malware: bite-size learning No.4
If you have followed the Cyber-teaching (C-t) bite-size learning modules, you will hopefully have noticed several references to things that single-person businesses, small businesses and other SME categories can do to help themselves. These types of business need to think on their feet and act quickly, and one example is making sure you have backed up your data (files, etc.). Why this matters will become apparent shortly.
Initially, we need to look at attackers and tools of threat. Those who digitally attack your business look for the weakness in your security. They are looking at this:
The attacker's tools of threat can arrive in plain sight (email attachment, etc.) or by stealth (unseen downloads when visiting webpages). They range from malware that is inconvenient, annoying or a threat to a person's reputation, to ransomware (demanding monies with menaces to PC/laptop).
If your PC/laptop becomes infected, you will find there are some very helpful and talented companies out there that provide free solutions for dealing with malware. The company I selected is Emsisoft ( https://decrypter.emsisoft.com/ ). When you visit their webpage, have a look at all the malware decryption tools the company has created for malware file victims (MFV). In particular, note the number of downloads for each tool, which gives a clear indication of which malware is more prevalent in the marketplace.
Decrypter for LeChiffre
Decrypter for KeyBTC
Decrypter for Globe2
Decrypter for NMoreira or XRatTeam or XPan
Decrypter for OpenToYou or OpenToDecrypt
Decrypter for MRCR
Decrypter for Globe3
Decrypter for Marlboro
Decrypter for OpenToYou
Decrypter for GlobeImposter
Decrypter for Stampado
Decrypter for Fabiansomware
Decrypter for Philadelphia
Decrypter for FenixLocker
Decrypter for Al-Namrood
Decrypter for Globe ransomware
Decrypter for OzozaLocker
Decrypter for Nemucod
Decrypter for DMALocker2
Decrypter for HydraCrypt
Decrypter for DMALocker
Decrypter for CrypBoss
Decrypter for Gomasom
Decrypter for Harasom
Decryptor for Xorist
Decryptor for 777
Decryptor for BadBlock
Decryptor for Apocalypse
Decrypter for ApocalypseVM
Decrypter for Radamant
Decrypter for CryptInfinite
Decrypter for PClock
Decrypter for CryptoDefense
Those who are familiar with using a PC/laptop and its desktop facilities may not be so familiar with the technical operation and tend to be put off from investigating, hoping instead that the antivirus/malware detection cleaner will resolve the problem. In part they do, but they do not decrypt malware file victims (MFV). This is why I chose the Emsisoft decryption tools: the decrypting function is very easy to follow because, as a user:
1) You are familiar with creating a folder on a desktop, so you can create a folder on a USB stick;
2) You know how to download a program;
3) You know how to copy and paste;
4) You know how to move a file from one location to another.
You may recall that "back up your data" was mentioned previously. Here is one reason for it: for the Emsisoft decryption tool to work, it needs a) an original file and b) the malware file victim (MFV) in order to conduct its decryption process.
5) Create a folder on a USB stick (e.g. Malware Test);
6) Download a copy of the relevant decryption tool (determined by the file extension of the infected file (MFV) and cross-referenced to the tool on the Emsisoft website);
7) Copy and paste the original file into the folder;
8) Move the infected file (MFV) into the folder;
9) Highlight both the files (original and MFV);
10) Drag and drop both files on the decryption tool icon and the program runs itself.
Always read and follow the decryption tool's instructions.
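As an added example (not from the original post or from Emsisoft), the Python sketch below automates the preparation in steps 5 to 9: it matches infected files against a backup, reports the appended extension used to pick the tool in step 6, and copies one original/MFV pair into the working folder. It assumes the malware appended an extension to the original file name and that backup file names are unique; the function names, the `.locked` extension and the sample bytes are constructed for illustration.

```python
import filecmp
import shutil
import tempfile
from collections import Counter
from pathlib import Path


def find_pairs(backup_dir, infected_dir):
    """List (original, infected, appended_extension) for every infected file
    whose name is a backed-up file's name plus an extra extension."""
    # Assumption: file names in the backup are unique.
    backups = {p.name.lower(): p for p in Path(backup_dir).rglob("*") if p.is_file()}
    pairs = []
    for mfv in sorted(p for p in Path(infected_dir).rglob("*") if p.is_file()):
        name = mfv.name
        # Longest original name first: invoice.docx.locked -> invoice.docx
        for i in range(len(name) - 2, 0, -1):
            if name[i] == "." and name[:i].lower() in backups:
                orig = backups[name[:i].lower()]
                # Identical bytes mean the file was only renamed, so skip it.
                if not filecmp.cmp(orig, mfv, shallow=False):
                    pairs.append((orig, mfv, name[i:].lower()))
                break
    return pairs


def common_extension(pairs):
    """Most frequent appended extension: the value looked up in step 6."""
    counts = Counter(ext for _, _, ext in pairs)
    return counts.most_common(1)[0][0] if counts else None


def stage_pair(pair, usb_folder):
    """Copy (not move) one original and its MFV into the working folder,
    so nothing on the PC or in the backup is altered."""
    dest = Path(usb_folder)
    dest.mkdir(parents=True, exist_ok=True)
    return [Path(shutil.copy2(src, dest / src.name)) for src in pair[:2]]


if __name__ == "__main__":
    # Constructed sample data: the "infected" bytes are a stand-in, not malware output.
    root = Path(tempfile.mkdtemp())
    for folder in ("backup", "pc"):
        (root / folder).mkdir()
    (root / "backup" / "invoice.docx").write_bytes(b"original invoice text")
    (root / "pc" / "invoice.docx.locked").write_bytes(b"\x9a\x11\x07 scrambled")
    found = find_pairs(root / "backup", root / "pc")
    print("extension to look up:", common_extension(found))
    print("staged:", stage_pair(found[0], root / "usb" / "Malware Test"))
```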
Remember to run your antivirus/malware detection cleaner programs on your PC/laptop and don't forget to do the same for the USB stick.
Lastly, there are no guarantees that decryption or release tools will work, and a tool may not yet have been created for the malware in question, so keep hunting and be patient.
Where fake programs hold a user to ransom and require the input of release keys, the professionals have noted a number of frequently used keys that unlock them:
Master Boot Record Blocking Keys Unlock Codes:
Frequent common keys unlock codes:
As a reminder, using these keys won't clean your PC/laptop; you will still need to run antivirus/malware detection cleaner programs.
These C-t: bite-size learning modules are free of charge. They are based upon research and surveillance in the marketplace to help others. There is no connection with the companies or their products.