Ransomware: Unlocked and Gone!

The latest Ransomware has been defeated by RollBack Rx v10.x.

There’s a scary new threat floating around in cyberspace called WannaCry. It may already be too late. The computer you’re using right now may already be infected. While you’re working away on an important document, files in the background are becoming irretrievably encrypted. Soon you’ll receive a notice informing you that your computer has been infected and all your important files are unusable. A hijacking is taking place, but of a very different kind. The extortion persists for a few agonizing days until a ransom payment of $300 is received. You feel victimized and you may lose your important files forever.

Luckily, you have RollBack Rx on your PC and you can instantly restore your PC to an earlier time. Within seconds and after a quick reboot of your workstation, you’ll feel as though you never had the WannaCry infection in the first place. But if you don’t have RollBack Rx, read on, so that you are better informed of what you can expect.

What Is Ransomware?

Ransomware is a type of malicious software that threatens to take control of the victim’s data and block access to it unless a ransom is paid. It uses a technique called cryptoviral extortion, which encrypts the files, makes them inaccessible, and demands a ransom payment to decrypt them. Without a decryption key, it’s normally impossible to reverse this, and since bitcoin currency is used for the ransom payment, it is very difficult to trace the perpetrator behind the Ransomware attack.

WannaCry is one of the most malicious Ransomware Trojans floating around in cyberspace today and is targeting Windows-based computers. First reports of its existence surfaced in May 2017. The process works in three steps. In the first step, the main program (mssecsvc.exe) spreads itself onto the user’s PC and releases the “WannaCry” ransom program. The entire computer is encrypted and the WannaDecryptor interface displays the ransom information. In the second step, the WannaCry program generates a public key which locks the encrypted files on the user’s hard drive, while only the attacker has access to the private key, which can unlock and decrypt the hard drive. In the third step, the WannaDecryptor program demands a ransom fee in Bitcoin currency before it will decrypt your hard drive so that you can access those files again.

Ransomware Repair and Removal and Data Fix

There are unconfirmed reports that the victim is subsequently offered a “second chance” to receive the private key required for the decryption process even after the deadline has passed, but this time the attackers attempt to blackmail the victim for 10 Bitcoins (about $10,000 US), to be paid to criminal hackers at some unknown location. The payment methods are strictly Bitcoins and MoneyPak vouchers, both of which are decentralized payment methods which don’t generate traceable transaction records.

The latest antivirus definition files simply remove the Cryptolocker registry keys and system files from the Windows registry. However, the files that were encrypted would not be recoverable. The encrypted files can’t be decrypted by antivirus software and so they are lost forever. Cyber security experts are adamant that the victim should not submit to this extortion and should refuse to pay the coerced payment. These experts, however, don’t offer any constructive means of recovering the user’s lost files.

Ransomware VS Antivirus

The problem with antivirus programs is that they’re always behind the eight-ball, constantly trying to identify and cure known infestations. They do this by updating malware definition files in hopes that the user updates their antivirus application before they are attacked. By the nature of malware, then, antivirus is great for detecting malicious files, but in most cases you would not be able to guarantee that your PC would be back to an exact pristine state. RollBack Rx is the only known prevention for WannaCry infected PCs. The entire WannaCry program, as well as its mass data carnage, would be eradicated by simply booting up your PC into an earlier state using the RollBack Rx sub-console. It will quickly restore your workstation and recover from any Ransomware attack.

You can simply return to exactly how things were before the problem ever began. Imagine you could just go back in time by rolling the clock back instantly to before any such problem appeared on your machine.

How Can You Prevent Your Computer from Becoming Infected by Ransomware?

Horizon DataSys clients have been able to recover from Ransomware using RollBack Rx. RollBack Rx is a software program that instantly restores hard drives back to any number of earlier points in time (or “snapshots”). If a problem arises, the workstation can simply be reset to any of these earlier dates before the problem ever occurred, without damaging the system and without losing any of your data. RollBack Rx is a bit-for-bit restoration engine using Horizon DataSys’ own patented sector-mapping technology that can be set to return to a snapshot prior to the time the WannaCry infection took place. All files encrypted by WannaCry are returned to exactly how they were prior to the attack. RollBack Rx software has fared well against this nasty trojan horse. PC users that have RollBack Rx installed on their PCs are able to easily roll back to a snapshot prior to the infection without any sign of WannaCry remaining on their machines. Further, they were able to explore their latest infected snapshot and drag-and-drop more recent versions of their uninfected documents.

One RollBack Rx user explained that once he discovered the infection on his machine he immediately rolled back to an earlier snapshot. Within seconds he was back to a point in time before he opened the email attachment that caused the issue. The only issue was that RollBack Rx had to be accessed from the bootup screen as the GUI was inaccessible (due to the Ransomware). “It really wasn’t much more complicated than that,” he told us. This customer, who chose to remain anonymous, lives in France. He said that he did have a very popular commercial anti-virus program installed and that it didn’t detect any issue with the attachment. This really shouldn’t be a surprise as Ransomware is really no different than any other common program from the antivirus program’s perspective.

Over the years the nature of virus and other malware attacks has evolved. In early instances of such virulent infections, the perpetrators wanted to display their programming and hacking abilities, to show off their skills. These infections have now evolved to the point where the rogue hackers are monetizing their skills in hijacking other computer systems. This is becoming a huge commercial enterprise and it’s only going to get worse. The hackers no longer seem to care about getting credit; they just want your money.

We’re all just human. We make mistakes. So the software protecting our machines should be more robust and be able to undo such issues rather than just leaving us to hope that we don’t make such mistakes. There are some pretty scary things out there, but if we constantly lived in fear of these things and were deathly afraid of clicking on anything, we wouldn’t be able to get anything done. If you have RollBack Rx installed you don’t need to worry about or keep up with all these issues.

If you don’t have RollBack Rx installed, then native Windows features are your best option to recover files. Windows System Restore (now called Reset in Windows 10) creates Shadow Volume Copies of your recently opened personal documents that are automatically backed up. But this isn’t a foolproof way to restore all your files, as Windows System Restore won’t create backups of your personal files and folders. Windows System Restore is really only for recovering Windows system files, not your personal vacation photos, your financial documents, your iTunes music albums, et cetera. Worse, more recent variants of Ransomware delete all shadow copies.

It’s best to prepare. RollBack Rx will regularly and automatically create backups of all your files (called “snapshots”). Each snapshot is a complete instance of everything as it existed on your machine the second the snapshot was taken. You can simply return to any of these points-in-time and every trace of any such virus or other malware is completely removed from your machine.