If you are hit by Ransomware, you need to block off the attack by removing Internet access from your PCs and servers, stop any encryption processes in progress and any other processes running that shouldn’t be running.
Then the first stage of investigation is to identify what you’re facing and the website https://id-ransomware.malwarehunterteam.com/ is a good starting point.
You upload one encrypted file or the file that is the ransom message to this website and it will try to identify the variant of ransomware. Currently it can identify more than 500 different variants.
For each there is extra information which can tell you if there are decryption keys available on the Internet.
Some anti-hackers try to find the decryption keys and post them freely, but the blackmailers do know this and try to stay of ahead of them by using new variants for which there are no keys available except for the one held by the blackmailer.
The website is run purely as a free service to the public and does not decrypt files for you – you need an IT professional for that (assuming it’s possible as many cannot be decrypted without a key from the blackmailer)
If you have a suspected virus rather than ransomware then there is a website that may help to identify it at https://www.virustotal.com
As always, the advice is that it’s best to avoid being held to ransom – ensure you have adequate systems protection in place, staff that have been educated on the danger of cyber attacks, regular backups (including off-site) and have a plan in place to deal with a ransomware attack.
Do Share this post on social media – click on the post title then scroll down to the social media share buttons.