What is ransomware and what does it do?
When you become infected with ransomware it stops you from using your PC and holds you to "ransom". Normally requesting you to pay BitCoins to the cybercrooks in order for you to get a decryption key and restore your files and systems to the previous state.
There are variations of ransomware, some of them simply encrypt your files, whilst others are more sinister in execution.
There's a new ransomware threat on the block and it's called BadBlock.
The BadBlock version of ransomware is typical in it's execution and is distributed via spam email containing infected attachments or by users visiting infected websites. (Is that link in the email legit?)
The BadBlock ransomware targets all versions of Windows including Windows XP, Windows Vista, Windows 7, Windows 8 and Windows 10 and uses an AES-265 and RSA encryption method. When the infection has finished scanning your computer or server it will also delete all of the Shadow Volume Copies. It does this so you can't use them to restore your encrypted files. You will then see the image above as your desktop wallpaper.
The difference with this version of ransomware is that not only does it encrypt your data files it will also encrypt executables including important Windows system files. Therefore, don't restart your machine after you become infected as it will cause your PC to stop working completely.
Currently there is a way out for anyone that has been infected. Emsisoft have created a decrypter for BadBlock so you don't need to pay any ransom or restore from a backup. You can download it here.
There are many versions of ransomware and here are some others to watch out for:
Further info available at www.bleepingcomputer.com
If you are having difficulty with decrypting, restoring a backup or simply have any questions on how to protect yourself or your business against viruses, malware and ransomware please get in touch today. As one of our happy customers says "Prevention is definitely better than cure".