Geek Squad Email Scam


About Geek Squad Email Scam

Geek Squad Email Scam refers to malicious email campaigns that use Geek Squad’s name to scam users. The emails claim that the user’s subscription has been renewed and that their card has been charged for it. The emails carry no links or attachments, but they do list phone numbers which, if dialed, connect the user to scammers. It goes without saying that Geek Squad has nothing to do with these emails; its name is merely borrowed to lend the scam credibility. Many different scams use Geek Squad’s name, so it is difficult to say which one a particular user is dealing with, but in most cases they are refund scams.

In one particular Geek Squad email scam we have encountered, users were supposedly charged $499.99 for a renewed “Geek Total Protection” subscription. The name of the subscription varies from email to email, but it usually includes phrases like “Complete Network Security” or “Geek Total Protection”. The email claims that the user had a subscription to a Geek Squad product and that it has been renewed. A user who actually does have a Geek Squad subscription may find this kind of email quite alarming.


Greek Squad

Dear Customer,

Thank You for choosing Geek Total Protection.
We have renewed your Subscription as per your electronic consent.
Hope you are with us.
This email is to inform you that an amount of $499.99 has been charged for the services.
For any assistance, please call: +1-808-666-6112.

Order details:
Invoice Number:
Registered Email: –
Service: Geek Total Protection
Renewal Date:
Next Renewal:
Item Price: $499.99
Shipping: $0.0
Total Price: $499.99
Note: For any service activation queries or support or if you want to cancel the subscription please call us within 24 Hours for easy assistance.
We are here to assist you with every aspect.

warm regards,
Geek Squad Team
Copyright © Geek Squad Team | 2022

These emails are most likely the opening move of a “refund scam”, a very common scheme that aims to trick users into sending the scammers money. If a user calls the fake tech support number listed in the email, they are connected to professional scammers claiming to work for customer service or tech support. When the user explains the situation, the scammers offer to refund the money. They ask for remote access to the user’s computer so they can control the screen, then ask the user to log in to their bank account. Because they control the computer, they can display fake overlay screens that make it look as though a refund has been sent. Instead of the correct sum, they pretend to send a significantly larger one: if the user is owed a $400 refund, the scammers pretend to send $4,000, supposedly by mistake. The user sees a doctored screen and believes the $4,000 arrived. The scammers then plead with the user to return the difference, and a user who agrees is sending their own money, because no refund was ever received.

What gives away a malicious email

Grammar and spelling mistakes are what usually give malicious emails away. The Geek Squad email scam is written in very poor English and contains obvious mistakes. Since Geek Squad is a legitimate company, it is very unlikely that its emails would contain such errors, as they would make the company look unprofessional. Its emails would certainly not contain phrases like “We have renewed your Subscription as per your electronic consent. Hope you are with us”. Malicious actors, on the other hand, often have poor English skills, so their campaigns are full of mistakes. This at least makes the emails fairly obvious, and users can recognize them for what they are quite easily.

Notice how, in the above example of the Geek Squad email scam, the recipient is addressed as “Customer”. This is a strong sign that the user is dealing with a malicious, phishing, or scam email. Legitimate emails from companies like Geek Squad address users by name. Malicious actors, however, often do not have users’ personal information, so they fall back on generic words like “User”, “Customer”, “Member”, etc.

Users should always inspect the addresses of senders they do not recognize, especially if an email asks them to open an attachment, click a link, call a phone number, etc. In many cases, the emails are sent from random-looking addresses, which gives them away immediately. More sophisticated emails may use addresses that look far more legitimate, so at the very least users should check whether the domain after the “@” actually belongs to the company the email claims to come from, and research the address with a search engine.
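The indicators above (a generic greeting, a callback phone number in an email with no links, a claimed charge with a dollar amount, a short deadline, and a sender domain that does not belong to the company) can be turned into a simple scoring check. The following Python script is an added example, not code from the original article; the sender address, the legitimate-domain list, and the point values are assumptions for the demonstration, and the sample email text is the scam message quoted above.

```python
"""Heuristic scoring of a "subscription renewed" scam email.

Added example, not code from the original article. It checks the
indicators the text describes: a generic greeting, a callback phone
number, urgency wording, a dollar amount, and a sender domain that does
not belong to the company being impersonated. The sender address and the
legitimate-domain list are assumptions made for this demo.
"""
import re
from dataclasses import dataclass, field

GENERIC_GREETINGS = ("dear customer", "dear user", "dear member",
                     "dear sir/madam", "dear valued customer")
URGENCY_PHRASES = ("within 24 hours", "within 48 hours", "immediately", "urgent")
# Domains a genuine Geek Squad / Best Buy mail would come from (assumption for the demo).
LEGIT_DOMAINS = {"geeksquad.com", "bestbuy.com", "emailinfo.bestbuy.com"}

PHONE_RE = re.compile(r"\+?1?[\s.-]?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
MONEY_RE = re.compile(r"\$\s?\d[\d,]*(?:\.\d{2})?")
URL_RE = re.compile(r"https?://|www\.", re.IGNORECASE)


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)

    def flag(self, points, reason):
        self.score += points
        self.reasons.append(reason)


def sender_domain(address):
    # "Geek Squad <billing@example.net>" -> "example.net"
    m = re.search(r"@([\w.-]+)", address)
    return m.group(1).lower() if m else ""


def score_email(sender, subject, body):
    v = Verdict()
    text = f"{subject}\n{body}".lower()
    if any(g in text for g in GENERIC_GREETINGS):
        v.flag(2, "generic greeting instead of the recipient's name")
    phones = PHONE_RE.findall(body)
    if phones and not URL_RE.search(body):
        v.flag(3, "callback phone number but no links (call-back scam pattern)")
    elif phones:
        v.flag(1, "contains a phone number")
    if MONEY_RE.search(body) and re.search(r"renew|charged|invoice", text):
        v.flag(2, "claims a charge/renewal with a dollar amount")
    if any(p in text for p in URGENCY_PHRASES):
        v.flag(1, "pressure to act within a short deadline")
    dom = sender_domain(sender)
    if dom and dom not in LEGIT_DOMAINS and not any(dom.endswith("." + d) for d in LEGIT_DOMAINS):
        v.flag(3, f"sender domain {dom!r} does not belong to the impersonated company")
    return v


def is_suspicious(verdict, threshold=5):
    return verdict.score >= threshold


# Constructed sample: the scam text from the article, with an assumed sender address.
SCAM_SENDER = "Geek Squad Team <billing-notice@renewal-desk.example.net>"
SCAM_SUBJECT = "Your Geek Total Protection renewal"
SCAM_BODY = """Dear Customer,
Thank You for choosing Geek Total Protection.
We have renewed your Subscription as per your electronic consent.
This email is to inform you that an amount of $499.99 has been charged for the services.
For any assistance, please call: +1-808-666-6112.
Note: if you want to cancel the subscription please call us within 24 Hours."""

# Constructed benign sample for contrast.
LEGIT_SENDER = "Geek Squad <support@geeksquad.com>"
LEGIT_SUBJECT = "Your appointment is confirmed"
LEGIT_BODY = "Hi Dana,\nYour in-store appointment is Tuesday at 10:00. Manage it at https://www.bestbuy.com/"

if __name__ == "__main__":
    for s, subj, b in ((SCAM_SENDER, SCAM_SUBJECT, SCAM_BODY),
                       (LEGIT_SENDER, LEGIT_SUBJECT, LEGIT_BODY)):
        v = score_email(s, subj, b)
        print(f"{s}: score={v.score} suspicious={is_suspicious(v)}")
        for r in v.reasons:
            print("  -", r)
```

The phone-number-without-links rule carries the most weight because it is the defining feature of this particular campaign; a benign transactional email from a company almost always contains at least one link back to its own domain. Treat the score as a triage aid, not a verdict: a legitimate invoice can still trip the dollar-amount and deadline rules.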

Remove Geek Squad Email Scam

The email itself is harmless as long as you do not engage with it. If it lands in your inbox, simply delete it. Note, however, that receiving a phishing or scam email is a good indication that your email address has been leaked, in which case more potentially malicious emails are likely to follow. To find out whether your address has appeared in a known data breach, you can use haveibeenpwned. If it has, be especially cautious with unsolicited emails in the future: do not click unknown links, and scan unsolicited attachments with anti-virus software before opening them.

Finally, if you called the number in this scam email and gave away personal information, be very wary of unsolicited phone calls and emails from then on. The information you provided will likely be used to run more targeted scams against you. If you sent money to the scammers via bank transfer, there is still a chance of getting it back if you contact your bank in time, and the bank can also walk you through securing your account. If you granted the scammers remote access to your computer, uninstall the remote-access tool they had you install and change the passwords of any accounts you logged into during the call.

Driver Updater – Why you need to remove it


What is PUP.Driver Updater?

PUP.Driver Updater is the detection name anti-virus programs use for the potentially unwanted program (PUP) Driver Updater. While Driver Updater is not a malicious program, its installation methods and dubious scan results have led to it being classified as a PUP. It uses deceptive means to promote its paid version, primarily by showing exaggerated scan results: the program scans for outdated drivers for free but requires a subscription to update them. It implies that the computer’s performance will improve if the user buys it, which is unlikely to be the case.

It is a program that can be installed through software bundling, so users may not even realize when PUP.Driver Updater arrives. If you suddenly discover a program on your computer that you do not recall installing, it was probably installed via software bundling. Put simply, PUP.Driver Updater may have been attached to a free program you installed as an extra offer, and such offers are permitted to install alongside the host program automatically. This is covered in more detail later in this report. Programs that use this technique are almost always labeled as PUPs at the very least, because it is a misleading way to get installed.

Soon after installation, PUP.Driver Updater will begin displaying notifications that you need to scan your computer. If you use Driver Updater to scan your computer, the results may be quite alarming. The program may claim that there are tens or even hundreds of issues related to drivers that need to be fixed immediately. You will only be able to scan your computer with the free PUP.Driver Updater version. To fix the detected issues, the program will ask that you first buy a subscription. While asking for users to pay for subscriptions before allowing them to use all features is nothing unusual, PUPs like Driver Updater display fake or exaggerated scan results to pressure users into making purchases. Evidently, this is a deceptive tactic.

The primary function of PUP.Driver Updater is installing driver updates but most users do not need this function. Even if you determine that you need to update your drivers, you should only download drivers from the websites of the manufacturers. Additionally, all necessary driver updates are typically installed through Windows updates, negating the need for additional action. There’s really no need to use system utility tools like Driver Updater, especially ones that you need to pay for. Purchasing Driver Updater would be a waste of your money. As a result, we strongly advise you to remove PUP.Driver Updater from your computer if it’s detected on your computer.

However, it should be mentioned that even though it’s frequently referred to as a virus, PUP.Driver Updater is neither a malicious nor a harmful program. Nevertheless, it serves no purpose so keeping it installed is not recommended.

How did PUP.Driver Updater install on your computer?

Since PUP.Driver Updater has an official website and is accessible for download from third-party websites, it’s not impossible that you downloaded and installed it on your own. However, a quick Google or other search engine search would have returned numerous results warning about using PUP.Driver Updater. In the future, we advise researching programs before downloading them to avoid installing unwanted or even malicious programs.

However, the program was most likely installed via the software bundling method. Software bundling is a rather deceptive installation technique, which is why it’s so controversial. Software bundling basically involves adding extra offers to programs. These offers could be anything, but they frequently are adware, browser hijackers, and potentially unwanted programs. Although they are optional, the manner in which they are added enables the offers to be installed automatically without requiring any explicit authorization from users. Additionally, the offers are initially hidden, and users need to use specific settings to even see them. This is why users are often unaware of these installations and are taken by surprise when they start seeing unknown programs on their devices. However, the offers are not difficult to deselect, as long as you know how to correctly install freeware.

Selecting Advanced (Custom) settings while installing free software is very important. Default settings will be recommended by the installation window but using these settings will lead to all added offers being installed on the computer automatically. Unlike Default settings, Advanced settings will show every offer added to the program. Additionally, you will be able to uncheck all of them. Simply uncheck the boxes of those offers. This should be done with every free program you install. Otherwise, your computer will quickly become overrun with useless programs. Furthermore, preventing their installation is considerably simpler than having to uninstall them once they’ve been fully installed.

How to remove PUP.Driver Updater

If you are using ESET, Malwarebytes, Windows Defender, or any other legitimate anti-virus program, it should be able to remove PUP.Driver Updater for you, since several anti-virus providers have identified the application as a PUP. Note that Windows Defender only flags PUPs when its potentially unwanted app (PUA) protection is turned on, so check that setting if it does not detect anything. It is also possible to remove PUP.Driver Updater manually, but this takes more effort and time since you would have to find and remove everything yourself.

Wacatac Trojan – What you need to know?


What is Wacatac Trojan

Wacatac Trojan is a trojan infection that enters computers in a stealthy way and can remain unnoticed for a while if an anti-virus program is not installed on a computer. Once on a computer, the trojan can do a lot of damage, including allowing other malware to enter, stealing passwords and other sensitive information, adding your device to a botnet, etc. In many cases, trojans can remain unnoticed for a long time because they show no signs of being present. This allows them to carry out their malicious activities for a long time.

Two Products. Ultra Security. One Deal!


With cybercrime evolving at incredible speed, being online is now more dangerous than ever. Seemingly harmless actions such as connecting to an unsecured public Wi-Fi network can have unexpected consequences, like data theft, and clicking an email attachment or link can result in malware being downloaded onto a computer. Users face these threats every day, but with adequate protection they become far less dangerous. That is why SpyWarrior and Cypherdog have teamed up to let users secure their devices and their data with ease.

Modern anti-malware programs offer protection from all kinds of potential threats, including viruses, potentially unwanted programs, and malware (including ransomware). Such solutions guard the computer in real-time and prevent malicious programs from being able to sneak in and cause damage. Artificial intelligence technology integrated within such programs, as well as behavioural analysis, also protects against file-encrypting ransomware infections. An anti-malware program is able to identify a potentially malicious process that, for example, intends to encrypt files, and block it from doing so. A modern anti-malware solution is not only able to guard users’ computers but also protect their files from encryption. SpyWarrior is an example of one such solution.

Protecting files and data from unauthorized access is equally important. The best way to do that is to encrypt them. This way, the encrypted files would only be accessible to the owner or someone who has access to the private key. It’s also important that users are able to send files, emails, and messages in a secure way. This can be done with Cypherdog’s encryption services.

Ideally, we would not need to worry about the security of our devices and data. However, that is not the reality we live in and we need to take action to ensure our security. What cybersecurity companies can do to make it easier is offer users affordable, comprehensive, and effective solutions that make being safe easy. SpyWarrior and Cypherdog are doing exactly that. With both security solutions, users can be sure they’re protected on all fronts.

Top Cybersecurity Predictions 2023


Every year brings new challenges for cybersecurity as cybercriminals adopt new technologies to carry out increasingly sophisticated attacks. 2022 was a quieter year, with fewer notable incidents than previous years, but that does not mean cybercriminals were not busy: ransomware attacks were carried out, new cyber gangs emerged, data breaches occurred, and damages worth trillions of dollars were caused.

In 2022, cybercrime, and ransomware in particular, remained one of the biggest headlines, not only because of the attacks carried out but also because some major arrests were made. Most notably, members of the notorious Lapsus$ cyber gang were arrested in early 2022. 2023 will not be drastically different and trends will remain more or less the same. We can expect more focus on privacy in 2023, with certain regulations coming into effect. We may also see cybercriminals using more sophisticated technologies in their attacks, as well as gradual changes in the ransomware landscape. It is also an easy prediction that Russia will carry out state-sponsored cyberattacks not only against Ukraine but also against its allies, including the US. And lastly, by the end of 2023, damage caused by cybercrime is expected to exceed $8 trillion.

What you can expect in cybersecurity in 2023

Increased focus on privacy

Following the California Privacy Rights Act (CPRA), which amends the California Consumer Privacy Act (CCPA) and took effect on January 1, 2023, companies should expect even more scrutiny of how they handle consumer data. This is good news for consumers, who gain more control over what companies can do with their data. Privacy laws differ from state to state in the US, but privacy will likely become one of the main priorities in 2023 as consumers grow increasingly concerned with what organizations do with their information and whether it is protected. With GDPR, European countries already have one of the strictest privacy laws, and other countries will likely follow as privacy becomes one of the main topics.

Ransomware groups may change strategies but continue to carry out targeted attacks

According to some industry statistics, ransomware activity started to decline last year, with a more than 20% decrease compared to 2021. This may be the result of many factors, including stricter regulations around paying the ransom and victims being better prepared to mitigate attacks. Whether the trend continues, only time will tell, but it certainly does not mean that cybercriminals will halt their activities. Rather, ransomware operators are likely to change their strategies in the near future: instead of only encrypting files, more ransomware gangs will focus on exfiltrating data so they can threaten victims with its publication or simply sell it to other cybercriminals.

After large-scale and significant ransomware attacks, particularly the Colonial Pipeline attack, there have been changes in how an affected company should deal with an attack. It’s somewhat more complicated for victims to pay the demanded ransom because of stricter regulations that require cyber incident reporting when paying the ransom. Furthermore, insurance companies are getting less and less inclined to reimburse ransom payments, which will also contribute to the decline. Businesses are also better prepared to deal with ransomware attacks because of reliable backups, as well as operation recovery plans. All of this may contribute to the changing ransomware landscape.

Large-scale targeted ransomware attacks are one thing that is not going to change in 2023 or in the near future. While such attacks require more preparation, resources, and effort, they bring in significantly larger sums of money. However, ransomware gangs will need to select their targets very carefully in order to not attract too much attention as increased scrutiny has already resulted in many arrests. It’s likely that more notable ransomware groups will rebrand with new names in 2023 in order to avoid the spotlight and the problems it brings.

More sophisticated phishing attacks

As is the case every year, we can expect that cyberattacks will become increasingly more sophisticated. Regular users will continue to deal with mostly poorly-made phishing emails with grammar and spelling mistakes because this method is relatively low-effort but can have high rewards. However, attacks aimed at specific targets will be much more sophisticated. Phishing attempts will be personalized and well-written, as well as have all the relevant logos to make them almost indistinguishable at first glance. To carry out such phishing attacks successfully, malicious actors need to put in a lot of work and time, which is why such attacks will be reserved for high-level targets. It’s also worth mentioning that cybercriminals will use artificial intelligence to enhance their phishing attempts. Social engineering attacks using audio and video will become increasingly more common.

More sophisticated phishing attacks mean companies need to up their security as well. That includes training employees to spot potential attacks.

Cyberattacks originating from Russia will continue

Russia has long been a safe haven for cybercriminals and cyber gangs, and the country is no stranger to state-sponsored cyberattacks. As Russia continues to suffer losses in the war it started against Ukraine, the number of cyberattacks originating from Russia is likely to increase. Ukraine will not be the only target: Russian hackers will also attack Western countries for their continued support of Ukraine and for the sanctions they have imposed. Critical infrastructure and sectors including energy, financial services, and shipping will likely be targeted for the sake of disruption. In order to cause as much disruption as possible in both Ukraine and its allies, Russia’s state-sponsored attacks will likely forgo ransom demands and focus on shutting down critical infrastructure and denying access to it. Whether they will succeed is another question, but considering Russia’s long history of cybercrime, the threat should not be taken lightly.

Cybercrime damage will reach an all-time high

This one is not difficult to predict, as damage from cyberattacks has been rising steadily for years. In 2023, the cost of cybercrime damage is expected to exceed a staggering $8 trillion. Cybercrime costs are also expected to grow by 15% per year over the next three years, reaching $10.5 trillion by 2025. Data damage, stolen money, intellectual property theft, productivity loss, downtime, restoration of normal operations, file recovery, forensic investigation, etc., are all included when calculating the damage caused by cybercrime.

The threat of ransomware for businesses in 2023


Every year, thousands of businesses, organizations, government entities, institutions, etc., become victims of cyberattacks, and every year there are at least a few attacks that top those of previous years. According to a study by IDC, 37% of global organizations were victims of cyberattacks involving ransomware in 2021. That year, the attacks on Colonial Pipeline and Kaseya were two of the most serious, but thousands of other businesses and organizations also fell victim to ransomware in 2021.

Using SpyWarrior and Cypherdog together provides the ultimate protection


SpyWarrior for your computer protection

Computer infections come in all kinds of forms. And while some infections may do only minimal harm, others can cause crippling damage. For individual users, a malware attack could mean permanently lost files, stolen credentials, and even financial loss. For businesses, a malicious software attack could halt operations, lead to significant data breaches, and cause millions of dollars in damages. It is estimated that the total cost of ransomware in 2021 was $20 billion. The number is expected to rise to $265 billion by 2031.

We understand that avoiding cyber threats can be very challenging, even impossible in some cases. But in today’s cyberspace, with threats becoming increasingly sophisticated, the consequences of becoming a victim are more serious than ever. So the question is, what can you do about it?

A good anti-virus program is essential if you want to protect yourself from malware and the damage such infections can cause. And SpyWarrior is more than just a good anti-virus program. SpyWarrior provides the finest security for your computer for a malware-free experience.


SpyWarrior can and will protect your device from a wide range of infections, including adware, browser hijackers, spyware, keyloggers, botnets, rootkits, trojans, and ransomware. Real-time protection will prevent malware from entering, while a full scan will detect malware that has managed to sneak in unnoticed.

SpyWarrior’s most important feature is protection against ransomware. There’s likely no need to introduce this particular threat as it has become quite notorious in the last 5 years. But ransomware threats have only gotten worse and not only do they now take files hostage, but they also threaten to leak the files if a ransom is not paid.

According to statistics, a staggering 77% of ransomware attacks carried out in the first quarter of 2021 also threatened to leak data. So backing up data and having a recovery plan is no longer enough. This is where SpyWarrior comes in. Artificial intelligence technology integrated within SpyWarrior allows the program to detect a malicious process that intends to encrypt files. The program halts the process and removes the infection before it can do any damage.

SpyWarrior already has a significant threat database. And because it’s continually updated with new threats, it can stay on top of its game when it comes to detecting malware.

SpyWarrior can deal with the following:

  • minor threats (e.g. adware and spyware);
  • malware (e.g. trojans and viruses);
  • ransomware;
  • privacy issues.

Cypherdog for your privacy

SpyWarrior’s companion security tool is Cypherdog. To put it simply, Cypherdog provides encryption services. It offers three main services: File Exchange & Storage, e-mail encryption, and a Messenger app. All three are developed with complete privacy in mind.

Cypherdog’s main goal is to ensure that communication between you and the recipient stays between you, whether you’re using email, Cypherdog’s Messenger, or the File Exchange & Storage app. Whatever data is sent or received by you will be encrypted and can be opened using a private key. The key is available only in the Cypherdog application. You will be the only one with access to it.

It should also be mentioned that Cypherdog has no access to the data and does not take part in the encryption/decryption process. This means that it cannot access files being sent or received. Whatever data you receive, it’s for your eyes only.

This also means that if you lose your private key, its backup, or your password, Cypherdog cannot help you recover your data or gain access to your account. And if you’re worried about data leaks, don’t be! Public keys that are used to encrypt files and messages being sent are stored in distributed registers using blockchain technology.

Cypherdog also allows you to confirm someone’s identity using a QR code, whether you’re using File Exchange & Messenger, or doing a face-to-face meeting. When exchanging files or meeting someone, you can be completely certain they are who they claim to be.

When using Cypherdog, everything about your communications will be completely private. Cypherdog will not know who you are contacting, what files you send, or how long the communication lasts. It will also have no access to address books and files stored in cloud storage, on local disks, or when they’re being transferred.

Cypherdog is also not interested in knowing anything about you. Your IP address, location, logs, mobile phone number, connections, etc., will not be collected.

Lastly, with Cypherdog, you can encrypt your files locally on your device. Whether you’re keeping sensitive files or simply want your files to be for your eyes only, you can easily encrypt them. And if you do not want to keep your files locally, you can store them in Cypherdog’s encrypted cloud.

Taking all of the above into account, it can be said that Cypherdog protects you against the following:

  • economic (and foreign) espionage and data theft;
  • business email compromise;
  • a new generation of ransomware with double extortion;
  • invoice hacking;
  • data leaks.

Using SpyWarrior and Cypherdog together provides the ultimate protection

Protecting yourself from malicious threats and ensuring your complete privacy are both equally important things in today’s cyberspace. And there’s no need to prioritize one or the other. If you want to cover all bases, why not allow SpyWarrior to take care of your computer while Cypherdog will secure your privacy? Together, SpyWarrior and Cypherdog will provide the ultimate protection, securing you on all accounts.

FBI takes down Russia-linked botnet Cyclops Blink


The US Department of Justice (DOJ) has announced that an FBI-led operation disrupted the Cyclops Blink botnet in March. The operation successfully removed the Cyclops Blink malware from internet-connected firewall devices. The botnet is believed to be operated by a group known as Sandworm (also known as Unit 74455), an alleged Russian cyber military unit. Many cyberattacks are associated with Sandworm, including attacks on Ukraine’s critical infrastructure and NotPetya ransomware. The unit is also believed to have interfered in the 2017 French presidential elections, as well as carried out the cyberattack on the 2018 Winter Olympics opening ceremony.

The Cyclops Blink botnet was first publicly revealed in February this year when the US and UK governments warned that WatchGuard firewall devices were being attacked. The Cyclops Blink malware specifically targeted WatchGuard and Asus network devices. While it was publicly revealed only in February, the botnet is believed to have begun operations as early as June 2019, likely as a successor to a similar botnet the DOJ took down four years ago.

Both WatchGuard and Asus released guidance and remediation tools for owners of affected devices immediately after the revelation by the US and UK governments. The majority of compromised devices nonetheless remained infected, prompting the DOJ to act.

“The same day as the advisory, WatchGuard released detection and remediation tools for users of WatchGuard devices. The advisory and WatchGuard’s guidance both recommended that device owners deploy WatchGuard’s tools to remove any malware infection and patch their devices to the latest versions of available firmware. Later, ASUS released its own guidance to help compromised ASUS device owners mitigate the threat posed by Cyclops Blink malware. The public and private sector efforts were effective, resulting in the successful remediation of thousands of compromised devices. However, by mid-March, a majority of the originally compromised devices remained infected,” the DOJ has said.

Following court authorization, the department carried out an operation that removed the malware from all remaining identified command and control (C2) devices that Sandworm used to control the botnet. Furthermore, it also closed the external management ports that Sandworm was using to access those C2 devices.

“These steps had the immediate effect of preventing Sandworm from accessing these C2 devices, thereby disrupting Sandworm’s control of the infected bot devices controlled by the remediated C2 devices,” the DOJ said.

However, the DOJ also warned that WatchGuard and Asus devices that acted as bots might remain vulnerable to Sandworm if no action is taken by the device owners.

No information/data was accessed by the FBI

The DOJ stressed that issuing the commands did not permit the FBI to search, view, or retrieve content/data on a victim’s device.

“The operation announced today leveraged direct communications with the Sandworm malware on the identified C2 devices and, other than collecting the underlying C2 devices’ serial numbers through an automated script and copying the C2 malware, it did not search for or collect other information from the relevant victim networks. Further, the operation did not involve any FBI communications with bot devices”.

6 Tips To Protect Your Cryptocurrency Wallet 2023


Why crypto wallets are often targeted

In recent years, the popularity of cryptocurrency has skyrocketed, and people from all backgrounds now invest in various cryptocurrencies. This has attracted many novice investors who know very little about cybersecurity, as well as cybercriminals who try to take full advantage of that. Less tech-savvy investors are often more susceptible to both investment scams and crypto wallet hacks because they do not know how these scams work and do not properly secure their crypto accounts.

8 Steps to Take When Dealing With a Ransomware Attack


Ransomware attacks are becoming increasingly common. It is no longer a question of if, but of when a business or organization will suffer a ransomware attack. For businesses and organizations, responding correctly to a ransomware attack can mean the difference between a quick recovery and permanent closure. It is essential that all businesses have a detailed cyberattack response plan in addition to investing major resources into preventing an attack in the first place.

Below are just general guidelines and certainly not a complete guide on how to deal with a ransomware attack. The entire process is highly complicated and it’s best to contact professionals to minimize damage.

What to do if you are hit with a ransomware attack

1. Do not panic, and isolate affected systems

When prevention methods fail and ransomware is able to get in, it’s essential to not panic and take the correct steps to minimize damage. Isolating affected systems immediately after a ransomware attack is critical. In order to contain the infection and prevent it from spreading, you must remove the affected system from the network immediately. If you fail to do that, the ransomware may spread to other systems, doing even more damage.

Throughout the whole ransomware attack and recovery process, it’s essential that you keep a clear head. You should also not rush to make decisions but rather focus on minimizing damage.

2. Disconnect backup

Once you have isolated the affected systems, you need to focus on securing your backups. Whatever strain of ransomware it is that you are dealing with, it will most certainly target your backup in order to encrypt or delete files. To prevent this from happening, immediately disconnect your backup from the network and do not reconnect until the infection has been dealt with.

3. Disable maintenance tasks

When you have confirmed a ransomware attack, it’s essential to disable any automated maintenance tasks (e.g. temporary file removal, log rotation, etc.). This is mostly done to prevent any contaminations that could hinder an investigation.

4. Back up infected systems

It’s recommended to make backups of infected systems once they’re isolated. This could prevent the loss of data during the decryption process. If, for example, you make the decision to pay the ransom and receive a decryptor, the decryptor may not work as intended and could damage files during decryption. To avoid corrupting or damaging your only copies, it’s a good idea to back up encrypted systems just in case something goes wrong.

Backing up infected systems is also a good idea for those who do not intend to pay the ransom. If the files are not critical and do not need to be recovered immediately, you can back them up in case a free decryptor becomes available sometime in the future. Law enforcement agencies are actively pursuing cybercrime gangs and are sometimes successful in apprehending them. If this were to happen with the cybercrime gang responsible for the ransomware that’s affecting you, a decryptor may be provided for you.

5. Quarantine the ransomware

Rather than outright removing ransomware, victims should quarantine it until an investigator has given the okay. When victims completely purge an infection from their systems before investigators can analyze it, it makes it that much more difficult for specialists to perform an investigation. During an investigation, specialists need to carefully analyze samples and other data in order to identify which ransomware is responsible, what specifically was affected during the attack, and whether it’s possible to somehow recover encrypted files. And removing the ransomware infection hinders these investigations.

6. Investigate how the ransomware got in

Determining how a ransomware infection got in is an essential step. Not only would it help prevent future infections, but it would also provide crucial information about what other systems may have been affected, or exactly what was done. If the ransomware got in due to a vulnerability, identifying the source of the infection would certainly prevent future incidents. If the infection is the result of an employee error, an investigation would help identify which areas specifically employees need training in.

For businesses and organizations, it’s recommended to contact professionals that specialize in such attacks. It’s often difficult to find the origin of the attack. By the time a ransomware attack is launched and is noticed, cybercriminals will have been in the systems for a while, so it’s recommended to have professionals identify the origin of the attack.

7. Identify the ransomware

In order to figure out the next course of action, it’s essential to correctly identify the ransomware strain. It can be done by using free services like Emsisoft’s ransomware identification tool or ID Ransomware. You would need to upload the ransom note, an encrypted file as a sample, and some information. If the ransomware is known, these services would identify it. Identifying the ransomware strain would also help determine whether there is a free decryptor available. There are various resources for victims of ransomware (e.g. NoMoreRansom) that can help find a free decryptor if one is available.

8. Make the decision on whether to pay the ransom

One decision that comes with a ransomware attack is whether to pay the ransom. For victims who have no backups, or whose backups are damaged, paying the ransom may seem like a good option. Oftentimes, paying the ransom may be a cheaper option than facing downtime until systems are restored. But the decision to give in should not be taken lightly, as it comes with consequences. For one, it should be emphasized that paying the ransom does not automatically mean a decryptor will be provided. In most cases it will be, but there is always the chance that the cybercriminals will just take the money. This is more likely to happen if you’re dealing with a relatively unknown ransomware strain. There’s also a chance that even if the decryptor is sent, it may not work as it’s supposed to. Victims should never rush the decision of whether to pay the ransom, and should consider all outcomes.
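Steps 4, 5 and 7 above (hash-verified copies of encrypted files before any decryptor runs, quarantine instead of deletion, and gathering a ransom note plus an encrypted sample for an identification service) as a small helper script. This is an added example, not code from the article; the encrypted-file extensions and ransom note file names it looks for are assumptions.

```python
# Added example (not the article's code): triage helpers for an already isolated host.
# Step 4: hash-verified copies; step 5: quarantine, never delete; step 7: identification sample.
import hashlib
import json
import shutil
from pathlib import Path

ENCRYPTED_EXTS = {".locked", ".crypt", ".enc"}     # assumption: typical appended extensions
NOTE_NAMES = {"readme.txt", "how_to_decrypt.txt"}  # assumption: typical ransom note names

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()  # stream in chunks for very large files

def backup_encrypted(src: Path, dest: Path) -> dict:
    """Copy each encrypted file under src into dest (keep dest outside src); return {relpath: sha256}."""
    dest.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for p in sorted(src.rglob("*")):
        if p.is_file() and p.suffix.lower() in ENCRYPTED_EXTS:
            rel = p.relative_to(src)
            target = dest / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, target)
            manifest[str(rel)] = sha256_of(p)
            if sha256_of(target) != manifest[str(rel)]:   # never trust an unverified copy
                raise RuntimeError(f"copy of {rel} does not match its source")
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def verify_backup(dest: Path) -> bool:
    """Re-hash the copies against the manifest, e.g. before and after a decryptor is tried."""
    manifest = json.loads((dest / "manifest.json").read_text())
    return all(sha256_of(dest / rel) == digest for rel, digest in manifest.items())

def quarantine(suspect: Path, vault: Path) -> Path:
    """Move (not delete) a suspect binary into the vault, named by its hash, for investigators."""
    vault.mkdir(parents=True, exist_ok=True)
    target = vault / f"{sha256_of(suspect)}.bin"
    shutil.move(str(suspect), str(target))
    return target

def identification_sample(src: Path) -> dict:
    """Pick the ransom note and the smallest encrypted file to submit to an identification service."""
    files = [p for p in src.rglob("*") if p.is_file()]
    notes = [p for p in files if p.name.lower() in NOTE_NAMES]
    encrypted = [p for p in files if p.suffix.lower() in ENCRYPTED_EXTS]
    sample = min(encrypted, key=lambda p: p.stat().st_size, default=None)
    return {"note": str(notes[0]) if notes else None, "sample": str(sample) if sample else None}
```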

Prevent future ransomware attacks

If you have already dealt with ransomware, you will now realize that such an attack will have lasting consequences. And if you don’t want to go through the whole file recovery and ransomware removal process again, you need to ensure that ransomware will not be able to infiltrate your systems in the future. And the most efficient way to do that is to use security software that’s designed to prevent and deal with such attacks.

Anti-malware program SpyWarrior uses artificial intelligence technology to effectively deal with ransomware attacks. Known ransomware strains will be immediately detected and blocked before they can do any damage or encrypt files. And if the ransomware strain is new, its suspicious behavior would still be detected, and the attack would be stopped in time.