In short: to protect data from encryption viruses, you can use an encrypted disk based on a crypto-container, a copy of which must be stored in cloud storage.

  • Analysis of cryptolockers showed that they encrypt only documents; the container file of the encrypted disk is not of interest to them.
  • Files inside such a crypto-container are inaccessible to the virus when the drive is disabled.
  • Since the encrypted disk is turned on only when you need to work with the files, there is a high probability that the cryptolocker will not have time to encrypt it or will reveal itself before that moment.
  • Even if the cryptolocker encrypts the files on such a drive, you can easily restore a backup copy of the crypto-disk container from cloud storage, which is automatically generated every 3 days or more often.
  • It is safe and easy to store a copy of a disk container in the cloud. The data in the container is securely encrypted, which means that Google or Dropbox will not be able to look inside. Because the crypto-container is a single file, by uploading it to the cloud you are actually uploading all the files and folders inside it.
  • A crypto-container can be protected not only with a long password, but also with a Rutoken-type electronic key with a very strong password.

Encryption viruses such as Locky, TeslaCrypt, CryptoLocker and WannaCry are designed to extort money from the owners of infected computers, which is why they are also called "ransomware". After infecting a computer, the virus encrypts the files of all known programs (doc, pdf, jpg…) and then extorts money for decrypting them. The affected party will most likely have to pay a couple of hundred dollars to decrypt the files, since this is the only way to get the information back.

If the information is very valuable, the situation is hopeless, and it is made worse by the fact that the virus includes a countdown and can self-destruct, leaving no way to get the data back if you take too long to decide.

Benefits of the Rohos Disk Encryption program for protecting information from crypto-viruses:

  • Creates a Crypto-container for reliable protection of files and folders.
    It uses on-the-fly encryption and the strong AES 256-bit encryption algorithm.
  • Integrates with Google Drive, Dropbox, Cloud Mail.ru, Yandex Disk.
    Rohos Disk allows these services to periodically scan the crypto-container and upload only changes to the encrypted data to the cloud, thanks to which the cloud stores several revisions of the crypto-disk.
  • The Rohos Disk Browser utility allows you to work with a crypto disk so that other programs (including viruses) do not have access to this disk.

Crypto container Rohos Disk

The Rohos Disk program creates a crypto container and a drive letter for it in the system. You work with such a disk as usual, and all data on it is automatically encrypted.

When the crypto-disk is disabled, it is inaccessible to all programs, including ransomware viruses.

Integration with cloud storage

The Rohos Disk program allows you to place a crypto container in the cloud storage service folder and periodically start the crypto container synchronization process.

Supported services: Google Drive, Dropbox, Cloud Mail.ru, Yandex Disk.

If the crypto-disk was turned on when a virus infection occurred and the virus began to encrypt data on it, you can restore the image of the crypto-container from the cloud. For reference: Google Drive and Dropbox track changes in files (revisions) and store only the changed parts of a file, so they allow you to restore one of the versions of the crypto-container from the recent past (usually 30-60 days, depending on free space on Google Drive).

Rohos Disk Browser Utility

Rohos Disk Browser allows you to open a crypto container in explorer mode without making the disk available at the driver level for the entire system.

The advantages of this approach:

  • Disk information is displayed only in Rohos Disk Browser
  • No other application can access data from the disk.
  • The Rohos Disk Browser user can add a file or folder, open a file and perform other operations.

Complete data protection against malware:

  • The files are not available to other programs, including Windows components.

Ransomware continues its oppressive march across the Web, infecting computers and encrypting important data. How can you protect yourself and Windows from ransomware, and have patches been released to decrypt and cure files?

The new ransomware virus of 2017, Wanna Cry, continues to infect corporate and private PCs. The damage from the virus attack stands at $1 billion. In 2 weeks, the ransomware virus infected at least 300 thousand computers despite warnings and security measures.

What is the ransomware of 2017? As a rule, you can "pick it up" on what would seem to be the most harmless sites, for example banking servers with user access. Once on the victim's hard drive, the ransomware "settles" in the System32 system folder. From there, the program immediately disables the antivirus and adds itself to "Autorun". After each reboot, the encryption program starts from the registry and begins its dirty work. The ransomware starts downloading similar copies of programs such as Ransom and Trojan. Ransomware self-replication also often occurs. This process can be momentary, or it can take weeks, until the victim notices that something is wrong.

The ransomware often disguises itself as ordinary pictures or text files, but the essence is always the same: it is an executable file with the extension .exe, .drv or .xvd, or sometimes a library (.dll). Most often the file has a completely harmless name, for example "document.doc" or "picture.jpg", where the extension is written manually and the true file type is hidden.
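The disguise described above can be checked mechanically. The following is an added example, not part of the original article: it flags names where a document or picture extension is followed by an executable one, and files whose document extension hides a Windows PE header. The extension lists, function names and sample files are assumptions constructed for the illustration.

```python
import struct
import tempfile
from pathlib import Path

# Assumed lists for this example; the executable ones are those named in the text.
DECOY_EXTS = {"doc", "docx", "pdf", "jpg", "jpeg", "png", "txt"}
EXEC_EXTS = {"exe", "dll", "drv", "xvd"}

def is_pe(path):
    """True if the file starts with an MZ header whose e_lfanew field points at a PE signature."""
    with open(path, "rb") as f:
        head = f.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        f.seek(e_lfanew)
        return f.read(4) == b"PE\0\0"

def classify(path):
    """Return the reasons a file looks disguised (empty list: nothing found)."""
    # Strip each part so padding such as 'document.doc   .exe' is still caught.
    parts = [p.strip() for p in Path(path).name.lower().split(".")]
    reasons = []
    if len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] in DECOY_EXTS:
        reasons.append("double extension")
    if len(parts) >= 2 and parts[-1] in DECOY_EXTS and is_pe(path):
        reasons.append("PE content behind document extension")
    return reasons

def scan(root):
    """Walk a directory tree; map relative path -> reasons for flagged files only."""
    root = Path(root)
    found = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            reasons = classify(p)
            if reasons:
                found[p.relative_to(root).as_posix()] = reasons
    return found

def demo():
    """Build constructed sample files in a temporary directory and scan them."""
    # Constructed stub: 64-byte DOS header (e_lfanew = 64) followed by a PE signature.
    pe_stub = b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"
    samples = {
        "picture.jpg": pe_stub,                  # executable posing as a picture
        "document.doc   .exe": pe_stub,          # padded double extension
        "setup.exe": pe_stub,                    # honest executable, not flagged
        "report.pdf": b"%PDF-1.4\n",             # genuine document header
        "notes.txt": b"MZ plain text " * 10,     # starts with MZ but is not a PE
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            (Path(d) / name).write_bytes(data)
        return scan(d)

if __name__ == "__main__":
    for name, reasons in demo().items():
        print(f"{name!r}: {', '.join(reasons)}")
```

Checking the PE signature at the offset stored in the DOS header, rather than the two bytes `MZ` alone, keeps a text file that merely starts with those letters from being flagged.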

After the encryption is completed, the user sees, instead of the familiar files, a set of "random" characters in the name and inside, and the extension changes to a previously unknown one: .NO_MORE_RANSOM, .xdata and others.

The 2017 Wanna Cry ransomware virus: how to protect yourself. I would like to note right away that Wanna Cry is rather a collective term for all encryptors and ransomware viruses, as it has recently infected computers most often. So, let's talk about protecting yourself from ransomware, of which there are a great many: Breaking.dad, NO_MORE_RANSOM, Xdata, XTBL, Wanna Cry.

How to protect Windows from ransomware. EternalBlue via the SMB protocol.

Windows ransomware protection 2017 - basic rules:

  • Update Windows and move to a licensed OS in good time (note: the XP version is not updated)
  • Update anti-virus databases and firewalls on demand
  • Take the utmost care when downloading any files (cute "cats" can result in the loss of all data)
  • Back up important information to removable media.

Ransomware virus 2017: how to cure and decrypt files.

If you rely on anti-virus software, you can forget about a decryptor for a while. The laboratories of Kaspersky, Dr. Web, Avast! and other antivirus vendors have found no solution for curing infected files. At the moment it is possible to remove the virus using an antivirus, but there are no algorithms to return everything “to normal” yet.

Some try to use decryptors such as the RectorDecryptor utility, but this won't help: an algorithm for decrypting the new viruses has not yet been developed. It is also completely unknown how the virus will behave if it is not removed after such programs are used. Often this can result in the erasure of all files, as a warning to those who do not want to pay the attackers, the authors of the virus.

At the moment, the most effective way to return the lost data is to contact the technical support of the vendor of the antivirus program you are using. To do this, send an email or use the feedback form on the manufacturer's website. Be sure to attach the encrypted file and, if available, a copy of the original. This will help the programmers work out the algorithm. Unfortunately, for many a virus attack comes as a complete surprise and no copies are found, which complicates the situation many times over.

Radical methods of treating Windows from ransomware. Unfortunately, sometimes you have to resort to fully formatting the hard drive, which entails a complete change of OS. Many will think of restoring the system, but this is not an option: even if there is a “rollback” that lets you get rid of the virus, the files will still remain encrypted.

  • More than 200,000 computers have already been infected!
  • The attack was aimed mainly at the corporate sector, followed by telecommunications companies in Spain, Portugal, China and England.
  • The biggest blow was dealt to Russian users and companies, including Megafon, Russian Railways and, according to unconfirmed information, the Investigative Committee and the Ministry of Internal Affairs. Sberbank and the Ministry of Health also reported attacks on their systems.
  • For decrypting the data, the attackers demand a ransom of 300 to 600 dollars in bitcoins (about 17,000-34,000 rubles).


Although the virus targets the corporate sector, ordinary users are also not immune to WannaCry infection and the possible loss of access to their files.

Instructions for protecting your computer and the data on it from infection:

1. Install the Kaspersky System Watcher application, which has a built-in function to roll back changes made by an encryptor that still managed to bypass the protection tools.
2. Users of the antivirus program from Kaspersky Lab are advised to check that the System Monitoring function is enabled.
3. For users of ESET NOD32 antivirus for Windows 10, a function has been introduced to check for new available OS updates. If you took care in advance and had it enabled, all the necessary new Windows updates will be installed and your system will be completely protected from the WannaCryptor virus and other similar attacks.
4. Users of ESET NOD32 products also have a function for detecting still unknown threats. This method is based on behavioral, heuristic technology: if a virus behaves like a virus, it is most likely a virus. Since May 12, the ESET LiveGrid cloud system technology has been very successful in repelling all attacks of this virus, and all this happened even before the signature database update arrived.
5. ESET technologies provide security even to devices with the previous systems Windows XP, Windows 8 and Windows Server 2003 (we recommend that you stop using these legacy systems). Because of the very high threat level, Microsoft has decided to release updates for these operating systems. Download them.
6. To minimize the threat of harm to your PC, urgently update your version of Windows 10: Start - Settings - Update and security - Check for updates (in other cases: Start - All Programs - Windows Update - Search for updates - Download and install).
7. Install the official patch (MS17-010) from Microsoft, which fixes a bug in the SMB server through which a virus can penetrate. This server is involved in this attack.
8. Check that all available security tools are running and in working order on your computer.
9. Perform a virus scan of the entire system. When a malicious attack named MEM:Trojan.Win64.EquationDrug.gen is detected, reboot the system.

And once again I recommend that you check that the MS17-010 patches are installed.

Currently, specialists from Kaspersky Lab, ESET NOD32 and other antivirus products are actively working on writing a program for decrypting files, which will help users of infected PCs to restore access to files.

The world of cybercrime is evolving from quantity to quality: there is less new malware, but its complexity is increasing. State intelligence services have joined the race of hacker technologies, which was confirmed by the largest incident of 2016-2017, the leak of cyber weapons from the NSA. It took the hackers a matter of days to exploit the intelligence services' publicly exposed developments for fraudulent purposes. High-profile information security incidents have drawn attention to the issue of data protection, and the global information security market continues to grow at a rapid pace.

At the moment, the growth of cybercrime in general is not as significant as it was in 2007-2010. “During that period of time, the number of malicious programs being created really grew exponentially, hundreds and thousands of times higher than in previous years. In recent years we have reached a “plateau” and the annual figures for the last three years are stable,” says Yuri Namestnikov, head of the Russian research center of Kaspersky Lab. “At the same time, several interesting processes are observed at once, which in total give a feeling of a greater scope of hackers' actions,” notes the CNews interlocutor.

Among the trends of 2016-2017, first of all a significant increase should be noted in the number of "state-sponsored" attacks, which are aimed at espionage or critical damage to infrastructure. In the field of traditional cybercrime, the greatest development has been in sophisticated targeted attacks against large companies and financial institutions, developed with the unique landscape of a particular organization's IT infrastructure in mind. In addition, ransomware that demands a ransom for decrypting data is very popular with cybercriminals. “In sum, these processes give a feeling of a greater scope for hackers,” comments Yuri Namestnikov.

NSA leak sparks epidemic

Among the events in the field of information security, the scandal over hacker interference in the US elections attracted attention first of all. The cybersecurity market is influenced not only by the economy, but also by the geopolitical situation in the world, claims Ilya Chetvertnev, Deputy Technical Director of the Informzaschita company: “A vivid example was the last US presidential election, which showed how hacking information systems can affect the country as a whole. Therefore, at present, the critical infrastructure of enterprises for the purpose of industrial espionage has been added to the classic objects of attack.”

In addition, in 2016, hackers from the Shadow Brokers group stole secret tools for hacking computer networks from the American NSA (National Security Agency), while the source of the leak is still . Some of the developments got into the public domain, which led to sad consequences. In May 2017, an epidemic of the WannaCry malicious worm broke out. The worm spreads using the EternalBlue exploit developed by the NSA, which exploits a previously unknown vulnerability in the Windows OS. WannaCry encrypts the data on the infected computer and demands a ransom in cryptocurrency. In total, hundreds of thousands of computers around the world have been infected.

Lack of digital hygiene

According to Maxim Filippov, director of business development at Positive Technologies in Russia, after the publication of a new exploit, it takes only 2-3 days before it is used by cybercriminals: “After the leak of the NSA archives, many people adopted the published techniques and tactics, and as a result more often and be modified by attackers, including for more effective “covering up” of traces”.

“Attackers are shifting their focus from application vulnerabilities to operating system vulnerabilities,” comments Code of Security CTO Dmitry Zryachikh. “Information about these vulnerabilities is obtained by intelligence agencies and then leaked to the free market. Moreover, the problem remains even after the release of updates for the basic software: three months before the WannaCry epidemic, Microsoft released a patch to prevent infection, but despite this, WannaCry infected more than 500,000 computers worldwide.”

The problem is that many users ignore updates and don't install them on time. Alexey Grishin, director of the information security center at Jet Infosystems, notes the negative impact of the human factor: “Companies often forget about basic security, the so-called digital hygiene: managing updates and vulnerabilities, anti-virus protection, minimizing user rights, reasonable access rights management, etc. In such conditions, even the latest security systems do not help.”

In addition, modern companies are not always able to correctly organize the access rights of certain users. “Uncontrolled access by privileged users (both internal and external: contractors, support services, auditors, etc.) can lead to serious consequences. Customers shared cases when their infrastructures practically got out of their influence due to the omnipotence of contractors and the lack of proper organization of their work,” says Oleg Shaburov, Head of the Cybersecurity Department of the Softline group of companies.

Ransomware boom

WannaCry was not the only ransomware that gained notoriety in 2016-2017. Previously, the malicious utilities Petya and BadRabbit, which also encrypt data on PCs and demand a ransom in bitcoins for access to them, became widespread. At the same time, attacks using BadRabbit were more targeted, affecting mainly computers at infrastructure facilities in Ukraine.

According to Kaspersky Lab, over the past year, 32% of Russian companies, with 37% of them encrypted with significant amounts of data. 31% of companies lost all their valuable data or failed to regain access to a significant part of it. And 15% of the surveyed companies preferred to pay the ransom (although this does not guarantee the return of files). “The main problem with ransomware and ransomware today is that victims often agree to pay the attackers because they see no other way to regain access to their valuable data,” Yuri Namestnikov comments.

Investments in cybersecurity grow

The last one and a half to two years have been rich in incidents in the field of information security, which contributed to the growth of investments in the protection of information systems. According to IDC, at the end of 2017 global revenue from deliveries of information security products will increase by 8.2% to $81.7 billion. Gartner analysts give similar figures: they predict growth of 7% to $86.4 billion at the end of the year. At the same time, the information security segment is developing faster than the IT market as a whole: according to Gartner, global spending on IT in 2017 will increase by only 2.4%. The Russian market shows similar dynamics: according to the CNews Security rating, at the end of 2016, domestic deliveries of information security increased by 8% in dollars and by 18%.

[Figure: The volume of the global information security market in 2016 and the forecast for 2017, in $ billion]