Nomoreransom - Temasoft

TEMASOFT Supports the “NoMoreRansom!” Project

TEMASOFT joined the No More Ransom Project as a Supporting Partner in September 2017, in an effort to help increase awareness about ransomware and how to protect against this threat.

In addition, TEMASOFT offers TEMASOFT Ranstop Home, FREE anti-ransomware technology for non-commercial use.

Get FREE anti-ransomware protection!

What is ransomware?

A form of cyber extortion

Ransomware is a form of cyber extortion that targets businesses and individuals. It locks out important files, rendering them unusable, and displays messages informing the victim how to proceed for recovering them. The cyber attackers promise to recover the files in exchange for one or more payments. They use anonymous cyber-coins like Bitcoin to monetize their activities. They provide detailed instructions on how to make the payments and then cash out with virtually no risk. Large scale attacks have a big number of victims, and a percentage of those victims decide to pay the ransom.

SPAM e-mail campaigns – cleverly engineered e-mail messages to lure victims into clicking on links or downloading malicious attachments;
Instant messaging and social networks – malicious links spread via instant messaging and social networks, pointing to malicious websites hosting ransomware components;
Malicious or compromised legitimate websites – malicious websites visited without intent while attempting to access various freebies, shopping offers or copyrighted material, promised to be offered for free.

Types of ransomware

There are several types of ransomware that have different attack methods:

File encryptors – this is the most common type. Such ransomware encrypts files in various ways (directly within the same file, in a new file deleting the original data, etc);
Screen lockers – this type of ransomware does not attack the data itself but prevents the victims from using their computer by overlaying a ransom message over the desktop;
MBR ransomware – this type of ransomware alters the Master Boot Records and forces a system reboot. After the reboot, the ransomware boot code will execute, preventing the operating system from loading. Next, it encrypts the files individually or by using volume encryption.

Distribution

The most common distribution model involves e-mail phishing campaigns where people are lured into opening apparently legitimate attachments. Upon clicking on such attachment, a malicious code gets executed on the machine.

Initial infection

The program that triggers a ransomware infection is not the actual ransomware. This program is usually called a “downloader” and is the malware that gets distributed as part of the ransomware email SPAM campaigns. During the first stage, the downloader usually executes a few operations like

Reading system information;
Communicating with command servers in the anonymity network;
Downloading the ransomware payload – the program that will perform the encryption process.

The downloader arrives in many forms: executable, document, macro, script, binary data, etc. Most of the time, the downloader is disguised into something else – an official document, a picture, etc.

File encryption

The ransomware payload is usually downloaded from the internet and upon execution, it implements a series of actions to prevent antivirus software from detecting it, as well as to make it difficult for security researchers to reverse engineer the code.

Next, depending on the type of ransomware, specific file encryption actions are taken, and ransom notes are created in various places on the computer.

Be cautious!

One of the most important ransomware distribution model, the email, relies on victims’ lack of awareness and their curiosity. Be cautious when using the email and browsing the internet:

Do not open attachments in unsolicited email;
Do not click on links in unsolicited email;
Carefully assess the authenticity of apparently legitimate e-mail: verify the sender in the email details, the email server sending the information, etc.
Assess the opportunity to receive apparently legitimate messages: do you really have an account with the bank claiming to issue a notice to you? Do you really have unpaid bills? etc.
Avoid following up on promotions that are too good to be true or leading to websites you do not know;
Avoid browsing web sites that claim to offer otherwise commercial stuff for free. This includes copyrighted material such as music and videos.

Keep an offline backup of your important files;
Keep your operating system and applications up to date;
Use antivirus software for anti-malware protection; Paid anti-virus performs better and offers protection against a wider variety of threats;

Use anti-ransomware technology

Anti-ransomware technology takes a different approach in dealing with ransomware. It delivers specific ransomware detection technology implemented to ensure identification of the vast majority of present and future ransomware with a high degree of accuracy. At the same time, it implements real-time protected backups to ensure data availability in case of a ransomware incident.

Help, I have been infected by ransomware!

What to do when infected by ransomware

We advise you not to pay the ransom, for the following reasons:

cyber-criminals should not be encouraged;
money obtained in this manner are used to finance various illicit activities;
paying the ransom does not guarantee the files are recovered, no matter the promises of the attackers.

Instead, please follow these steps.

Decryption tools

There are many ransomware families for which decryption tools are available. Such tools may allow you to recover the compromised files. Once the ransomware family has been identified, search for available decryption tools on the NoMoreRansom page.

Report a crime

The NoMoreRansom website allows you to report the attack. Please follow the information on this page.

About anti-ransomware technology

Anti-ransomware is a particular type of technology that focuses on detecting ransomware and addressing the data loss risks associated with ransomware incidents. It is different than the antivirus and backup technologies and may use parts of functionality from both.

Learn more about what anti-ransomware is!

Learn more about why a single protection layer, such as antivirus, is not enough to protect from ransomware!

About the NoMoreRansom! project

The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies – Kaspersky Lab and McAfee – with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.

Since it is much easier to avoid the threat than to fight against it once the system is affected, the project also aims to educate users about how ransomware works and what countermeasures can be taken to effectively prevent infection. The more parties supporting this project the better the results can be. This initiative is open to other public and private parties.

About TEMASOFT

TEMASOFT is a software company focused on developing security and infrastructure products. The company was founded in 2000 and since then it has been involved in the development of different software applications for customers from various industries, including several award-winning products for GFI Software which are now used by thousands of customers all over the world. Our current mission is to become a leader in document protection software.

Our existing portfolio of products includes TEMASOFT Ranstop, an effective anti-ransomware software for companies and TEMASOFT FileMonitor, a real-time file monitoring software, all aimed at preventing and protecting companies against ransomware threats, breaches, data leakage and misuse.