Viruses, Ransomware, Malware, and Phishing

Ransomware, malware, social engineering, and phishing all encompass different forms of ill-intentioned cyberattacks.

  • Malware is a general term formed by the words “malicious” and “software” that describes different types of software intended to compromise systems, obtain sensitive data or gain unsanctioned access to a network.
  • Ransomware is a category of malware in which attackers encrypt your data, making it inaccessible, or lock you out of a particular system or device. The attackers then demand a ransom in exchange for reinstating your access.
  • Social engineering is where hackers contact users while pretending to represent a legitimate organization, seeking to obtain critical information such as account numbers or passwords.
  • Phishing is a form of social engineering carried out by email, phone, text message, or illegitimate websites. In both cases, the collected information is used to access protected accounts or data.

Incident Response Plan: If infected by viruses, ransomware, malware, or phishing:

  1. Isolate the device – Disconnect from the network to prevent further spread.
  2. Run security scans – Use antivirus and anti-malware tools.
  3. Report the incident – Notify the IT/security team immediately.
  4. Restore from backup – Use secure backups rather than paying ransom.
  5. Change compromised passwords – Update credentials for affected accounts.
  6. Communication and reporting – Conduct awareness training to prevent future incidents. Document lessons learned and update the service ticket as needed.

Anti-virus alert – if the device has a virus scanner, it can sometimes detect a known ransomware signature early, unless the scanner has been bypassed. (Check the anti-virus scanner's audit logs.) Other indicators of a ransomware infection:

  • Changed file extension – for example, the normal extension of an image file is ".jpg". If this extension has changed to an unfamiliar combination of letters, there may be a ransomware infection. (Use a wildcard such as "*" when searching for file extensions in File Explorer.)
  • Changed file name – do files have different names than those you gave them? The malicious program often renames files when it encrypts them, so this can be a clue. (Check in File Explorer.)
  • Increased CPU and disk activity – increased disk or processor activity may indicate that ransomware is working in the background. (Check Task Manager.)
  • Dubious network communication – software talking to the attacker or to the attacker's server produces suspicious network traffic. (Check Task Manager.)
  • Encrypted files – files are suddenly encrypted and inaccessible.
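The file-based indicators above (an unfamiliar or appended extension, a renamed file, content that is suddenly unreadable) can be checked in bulk rather than one file at a time. The script below is an added example written for this page, not a tool from the original text. It walks a folder and flags three things: an extension outside a hypothetical allow-list or appended after a known one, a name missing from a baseline inventory you recorded earlier, and content that no longer matches its type (header bytes for image, PDF and Office files; high Shannon entropy for everything else). The sample files it scans are constructed inline in a temporary directory so it runs offline.

```python
from __future__ import annotations

import math
import tempfile
from collections import Counter
from pathlib import Path

# Hypothetical allow-list: the extensions this folder is expected to contain.
EXPECTED_EXTENSIONS = {".jpg", ".png", ".pdf", ".docx", ".xlsx", ".txt"}

# Leading bytes a genuine file of each type starts with. A file encrypted in place
# keeps its name but loses this header, so a mismatch is a strong signal.
MAGIC_BYTES = {
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG",
    ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
}

# Bits of entropy per byte (maximum 8.0). Ciphertext sits near 8.0; plain text near 4-5.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def check_file(path: Path, baseline: set[str] | None = None) -> list[str]:
    """Return the ransomware indicators observed on one file (empty list = clean)."""
    findings: list[str] = []
    suffixes = [s.lower() for s in path.suffixes]  # "a.jpg.locked" -> [".jpg", ".locked"]
    ext = suffixes[-1] if suffixes else ""

    # Indicator 1: unfamiliar extension, or a new extension appended after a known one.
    if ext not in EXPECTED_EXTENSIONS:
        findings.append(f"unfamiliar extension {ext or '(none)'}")
    if len(suffixes) >= 2 and suffixes[-2] in EXPECTED_EXTENSIONS:
        findings.append(f"extension appended after {suffixes[-2]}")

    # Indicator 2: the file name is not one recorded in the baseline inventory.
    if baseline is not None and path.name not in baseline:
        findings.append("name not in baseline inventory (possible rename)")

    # Indicator 3: content looks encrypted. Types with a known header are checked by
    # header; everything else falls back to the entropy of the first 64 KiB.
    head = path.read_bytes()[:65536]
    if ext in MAGIC_BYTES:
        if not head.startswith(MAGIC_BYTES[ext]):
            findings.append(f"header does not match {ext} (content may be encrypted)")
    else:
        entropy = shannon_entropy(head)
        if entropy >= ENTROPY_THRESHOLD:
            findings.append(f"high entropy ({entropy:.2f} bits/byte, looks encrypted)")
    return findings


def scan_directory(root: Path, baseline: set[str] | None = None) -> dict[str, list[str]]:
    """Walk root and map each suspicious file (relative path) to its indicators."""
    report: dict[str, list[str]] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            findings = check_file(path, baseline)
            if findings:
                report[path.relative_to(root).as_posix()] = findings
    return report


def build_sample_tree(root: Path) -> None:
    """Constructed sample data: three healthy files and three that show indicators."""
    uniform = bytes(range(256)) * 16  # every byte value equally often: entropy 8.0
    (root / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\x00" * 200)
    (root / "report.pdf").write_bytes(b"%PDF-1.4\n1 0 obj << /Type /Catalog >>\n")
    (root / "notes.txt").write_text("Meeting notes: review the backup schedule.\n")
    (root / "holiday.jpg.locked").write_bytes(uniform)  # renamed and encrypted
    (root / "invoice.docx").write_bytes(uniform)        # encrypted in place, name kept
    (root / "a9f3k2.xyz").write_bytes(uniform)          # unknown name and extension


def demo() -> dict[str, list[str]]:
    """Build the sample tree in a temporary directory and scan it against a baseline."""
    root = Path(tempfile.mkdtemp(prefix="ransomware-check-"))
    build_sample_tree(root)
    baseline = {"photo.jpg", "report.pdf", "notes.txt", "invoice.docx", "holiday.jpg"}
    return scan_directory(root, baseline)


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name}: " + "; ".join(findings))
```

Run it against a real folder by calling `scan_directory(Path("C:/Users/you/Documents"), baseline)` with a baseline set of file names saved while the machine was known to be healthy; without a baseline the rename check is skipped and only the extension and content checks run. The header check matters because JPEG, PDF and Office files are already compressed and would trip a plain entropy threshold, so entropy alone is only used for types that have no fixed header.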

How to Remove Malware: Removing malware from your device can be tricky as there are so many different forms it can take. 

  • Disconnect from the internet: First, remove all connections, both virtual and physical. These include wireless and wired devices, external hard drives, any storage media, and cloud accounts. This can prevent the spread of ransomware within the network. If you suspect that other areas have been affected, carry out the following steps for those areas as well.
    • Do not access websites that appear suspicious.
    • Do not open attachments on suspicious emails.
    • Do not click on links in emails, posts on social media, or other potentially dangerous messages.
    • Do not install pirated or unknown software and content.
    • Do not talk to perpetrators or pay ransom demands.
  • Engage the safe mode on your device. Safe mode can usually be found in the device’s startup settings. Turning it on only allows essential apps and programs to start, preventing the spread of malware.
  • Run a malware scanner that differs from your existing antivirus software, as a second opinion.
  • Investigate with your internet security software: Perform a virus scan using the internet security software you have installed. This helps you identify the threats. If dangerous files are found, you can either delete or quarantine them. You can delete malicious files manually or automatically using the antivirus software. Manual removal of the malware is only recommended for computer-savvy users.
  • Clear your cache to prevent any saved malware from re-infecting your systems. You can do this by opening your browser settings and clearing browsing data.
  • When all else fails, restore the default settings. This setting is often located in your control panel and will set your device to factory settings. Do this only after all other options have been exhausted.

Mobile Devices:

How to Remove Android Malware: Android malware results from the download of a malicious app, and you can remove it in a way similar to how you’d resolve desktop-related issues. To remove Android malware from your device, shut down your phone and restart it in safe mode. If you still experience issues, try removing suspicious or unused apps. If all else fails, restore your factory settings. You can also install a mobile security app to prevent future Android malware.

How to Remove iPhone Malware: The iPhone remains one of the most secure devices because it does not use third-party app stores. Should you experience strange behavior from your iPhone, immediately restart your device. If that doesn't take care of the problem, clear your iPhone's data and browser history. If all else fails, restore it from an earlier backup.

Shut down any suspicious apps. Limiting downloads to verified sources, such as the App Store or Google Play, makes malicious apps easier to avoid and to spot. Another red flag of an infected app is an unusually large amount of data usage.

Final steps: Restore your backup: If you have backed up your data externally or in cloud storage, restore from a backup taken before the ransomware encrypted your files. If you don't have any backups, cleaning and restoring your computer is a lot more difficult. To avoid this situation, it is recommended that you regularly create backups. If you tend to forget about such things, use automatic cloud backup services or set alerts in your calendar to remind you.