How to Identify Ransomware

If you are hit by Ransomware, you need to block off the attack by removing Internet access from your PCs and servers, stop any encryption processes in progress and any other processes running that shouldn’t be running.

Then the first stage of investigation is to identify what you’re facing and the website https://id-ransomware.malwarehunterteam.com/ is a good starting point.

You upload one encrypted file or the file that is the ransom message to this website and it will try to identify the variant of ransomware. Currently it can identify several hundred variants.

For each there is extra information which can tell you if there are decryption keys available on the Internet.

Some anti-hackers try to find the decryption keys and post them freely, but the blackmailers do know this and try to stay of ahead of them by using new variants for which there are no keys available except for the one held by the blackmailer.

The website is run purely as a free service to the public and does not decrypt files for you – you need an IT  professional for that (assuming it’s possible as many cannot be decrypted without a key from the blackmailer)

If you have a suspected virus rather than ransomware then there is a website that may help to identify it  at https://www.virustotal.com

As always, the advice is that it’s best to avoid being held to ransom – ensure you have adequate systems protection in place, staff that have been educated on the danger of cyber-attacks, regular backups (including off-site) and have a plan in place to deal with a ransomware attack.

Do Share this post on social media – click on the post title then scroll down to the social media share buttons.

Fightback Ninja Signature

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.