How to know if your system has been infected by Ransomware, and what to do if it has?
How to know if your system has been infected by WannaCry/Ransomware?
- If files of the types listed below, or other important files, have had their extensions changed to (*.wnry), then your system is already infected.
– Commonly used office file extensions (.ppt, .doc, .docx, .xlsx, .sxi)
– Less common and nation-specific office formats (.sxw, .odt, .hwp)
– Archive and media files (.zip, .rar, .tar, .bz2, .mp4, .mkv)
– Emails and email databases (.eml, .msg, .ost, .pst, .edb)
– Database files (.sql, .accdb, .mdb, .dbf, .odb, .myd)
– Developers’ source code and project files (.php, .java, .cpp, .pas, .asm)
– Encryption keys and certificates (.key, .pfx, .pem, .p12, .csr, .gpg, .aes)
– Files used by graphic designers, artists and photographers (.vsd, .odg, .raw, .nef, .svg, .psd)
– Virtual machine files (.vmx, .vmdk, .vdi)
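As an added example (not part of the original post), the following Python script checks a folder tree for the sign described above: files whose extension is now .wnry, grouped by the file type they had before. It assumes the original extension is still visible in front of .wnry; files where it is not are counted as "other", and the file names used in demo() are constructed samples.

```python
import os
import tempfile
from collections import Counter

MARKER = ".wnry"  # marker extension as given on this page

# Targeted extensions, grouped as in the list above.
TARGETS = {
    "office": {".ppt", ".doc", ".docx", ".xlsx", ".sxi", ".sxw", ".odt", ".hwp"},
    "archive/media": {".zip", ".rar", ".tar", ".bz2", ".mp4", ".mkv"},
    "email": {".eml", ".msg", ".ost", ".pst", ".edb"},
    "database": {".sql", ".accdb", ".mdb", ".dbf", ".odb", ".myd"},
    "source code": {".php", ".java", ".cpp", ".pas", ".asm"},
    "keys/certs": {".key", ".pfx", ".pem", ".p12", ".csr", ".gpg", ".aes"},
    "graphics": {".vsd", ".odg", ".raw", ".nef", ".svg", ".psd"},
    "virtual machine": {".vmx", ".vmdk", ".vdi"},
}
EXT_TO_GROUP = {ext: group for group, exts in TARGETS.items() for ext in exts}


def scan(root):
    """Return (hits, per-group counts) for files under root ending in MARKER."""
    hits, counts = [], Counter()
    # os.walk skips directories it cannot read, so the scan does not abort.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            stem, ext = os.path.splitext(name)
            if ext.lower() != MARKER:
                continue
            # Extension the file had before the marker was added, if still visible.
            original = os.path.splitext(stem)[1].lower()
            group = EXT_TO_GROUP.get(original, "other")
            hits.append((os.path.join(dirpath, name), group))
            counts[group] += 1
    return hits, counts


def demo():
    """Run the scan over a constructed directory tree (empty sample files)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for name in ("report.docx.wnry", "mail.PST.WNRY", "notes.txt.wnry",
                     "docs/budget.xlsx", "docs/db.sql.wnry"):
            open(os.path.join(root, name), "w").close()
        return scan(root)[1]


if __name__ == "__main__":
    for group, n in demo().items():
        print(f"{group}: {n} renamed file(s)")
```

Any hit from scan() on a real folder is a reason to follow the steps under "What to do next?".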
What to do next?
- Do not pay the ransom, as this does not guarantee the files will be released. Report such instances of fraud to CERT and law enforcement agencies.
- Disconnect all network connections and external storage immediately, because the infection will spread across the network immediately.
- Shut down your computer and inform your organisation’s IT department or contact an IT expert.
- Keep your backups ready before experts assist you.
Not yet infected? Prevent it!
- Posted on May 18, 2017
- By Deep Patel