Ransomware is a kind of malware that encrypts important files on your computer and demands a ransom payment to decrypt them.
Recommended steps to prevent ransomware:
- Do not open attachments in emails from unknown senders.
- Keep the operating system, antivirus and third-party software up to date.
- Turn on System Watcher (applicable to workstations only).
- Create backup copies of your files and keep them in remote storage.
- Configure limited access to shared network folders.
- Turn on system protection for all drives in system settings.
- Configure access permissions for the protected file types. This step is very useful for preventing ransomware from encrypting your data when you use the KES 10 application. Please follow the KES 10 configuration guide at http://support.kaspersky.co.uk/10905
What to do if the files have been encrypted:
- Disable automatic deletion of detected malicious files and quarantine the malicious files in your anti-virus product. This is because the malicious file might contain keys that can be useful for decryption.
- Send the suspicious files in a password-protected zip file to Kaspersky Virus Analysts (newvirus@kaspersky.com).
- Try to restore the affected files using Windows:
  - Windows 8: http://windows.microsoft.com/en-MY/windows-8/how-use-file-history
  - Windows 7: http://windows.microsoft.com/en-my/windows7/recover-lost-or-deleted-files
- Try to use the Kaspersky decryption utilities:
  - RectorDecryptor
  - XoristDecryptor
  - RakhniDecryptor
Follow the steps below to configure the System Watcher component, which is very effective against all types of ransomware:
1. Open Kaspersky Internet Security 2016.
2. In the lower-left corner of the main application window, click “Settings”.
3. In the Settings view, go to the “Protection” section and select “System Watcher” in the right frame.
4. In the System Watcher settings window, do the following:
   - Under “Automatic Exploit Prevention”, for the action on threat detection, choose: Block action.
   - Under “Application Activity Control”, for the action on detection of malware activity, choose: Terminate the malware.
   - Under “Rollback of malware actions”, choose: Roll back.