Ransomware – Fight Back!

Feb 24 2016
POSTED IN Best Practices

There has been a rush of ransomware in the wild lately and people are once again being caught off-guard by these invasions. In the last 30 days, Mantralogix customers have had 2 specific instances where they were duped by ransomware emails.  Fortunately in both situations there is a happy ending.


My colleague Kris defined “What Is Ransomware?” in his blog in Nov, 2015.

Ransomware is malware and it restricts users from being able to access the data on their computer by encrypting their files. It is also known to access data files on any connected network drive as well, making the problem very wide spread.  It is a very real problem and can affect any company!

So you are asking “Are there any ways in which I can detect whether emails are real or ransomware?”

Absolutely!!! If you think about it, how do you send a scanned document in an email, and in which format would you be sending confidential information to someone?

Most people should answer in PDF format, yet most malware infections are sent to people in zipped format.  I have even seen some sent in a Word document format. This should be a red flag when you see them in an email.  If you do not feel comfortable just deleting them, first look to see if you know the person sending these emails to you. If you are not expecting an email from someone with an attachment on it, then DO NOT open it.

Most times if you hold your mouse cursor over the email address where the email is coming from it will read an entirely different address than what shows in your email inbox.  In this case, DELETE the email right away as it is bogus.

The name of the latest ransomware comes in the form of an attachment from Interfax. It turns all your pdf-Word-Excel-Powerpoint documents into encrypted files that you will not be able to access without some Divine intervention.

So what can you do to reduce the ransomware threat to you?

  1. Do not save items locally to your desktop if you have a personal drive on a server in your environment. In most cases, your server will get backed up every night but your desktop will not be backed up.  If files get encrypted you are hostage!

  1. Right click on your C drive and go to properties. Click on the tab called previous versions. If you see a list of dates in there, then you are somewhat protecting your data on your local computer. This protection comes from either your system restore being enabled, or you have Windows backup performing on your computer.

One of our customer situations referenced at the beginning of this blog was saved due to following recommendation 1) above.  Their problem actually went further as there were also some data files on the server that had become encrypted. Fortunately they had server backups occurring regularly allowing the server to be restored.  The system restore was in place on the local computer and the customer’s documents were able to be recovered.  This literally saved days and weeks recreating the dozens of original documents that were saved on their desktops.

I hope you have found this article helpful and as always, we are available to assist you in any way possible to help you secure your precious data from ransomware or anything else out there that can cost you time and money.  Give us a call at 1-866-320-8922.

Recent posts