Ransomware and encryption Trojans infect computers and smartphones and encrypt all data. They also spread to external hard drives and further devices in the network and also target possible backups. The decryption of the data is only possible with special software which you will receive after payment of a ransom to the cyber criminals.<\/p>\n\n\n\n
A Ransomware encrypts<\/strong> all data on your computer bit by bit. If you notice that such a process has started, immediately<\/strong> disconnect the network\/Wi-Fi connection and remove external hard drives and USB sticks. In this way you can potentially still prevent the malware from being distributed to further devices. <\/p>\n\n\n\n Some Ransomware also threaten to publish your personal data, like photos or videos in the Internet, if a payment deadline is missed. However, so far, no case has become known in which such data is actually published. <\/p>\n\n\n\n Other Ransomware simulate a police or federal police message stating in which illegal content such as child sexual abuse material has allegedly been found on your device. This does not apply either. The messages from the cyber criminals simply serve to make you pay the ransom.<\/p>\n<\/div><\/div>\n\n\n\n Under no circumstances should you pay a ransom to cyber criminals. This is a general recommendation from law enforcement agencies like the Federal Police, but also from all IT security experts.\u00a0 Should you be blackmailed as a company:<\/strong><\/p>\n\n\n\n Landeskriminalamt NRW<\/strong> Cologne Public Prosecutor’s Office:<\/strong> Should you be blackmailed as a private individual:<\/strong> Never make direct contact with blackmailers without coordinating with the Landeskriminalamt.<\/strong><\/p>\n<\/div><\/div>\n\n\n\n Check your entire network for further infections on other devices or systems, if necessary with the help of external experts. <\/p>\n\n\n\n Initially, do not make any independent attempt to remove the malware. Only in this way is it possible for the police to secure evidence and initiate investigations. <\/p>\n\n\n\n The police experts will give you further recommendations for action. <\/p>\n\n\n\n In general, in the case of a large-scale infection in your company, you should additionally involve external experts.<\/p>\n<\/div><\/div>\n\n\n\n There are a number of Ransomware for which IT security experts have managed to develop a decryptor which will decrypt the data, but by no means for all. <\/p>\n\n\n\n The\u00a0Ransomware Gallery<\/a>\u00a0on botfrei.de lists the available decryptors for particular varieties of Ransomware. They include instructions on how to remove the Ransomware. They include instructions on how to remove the Ransomware.\u00a0<\/p>\n\n\n\n Another way of restoring your system is to restore your last backup<\/strong> – if this has not also been encrypted.<\/p>\n<\/div><\/div>\n\n\n\n Many variants of Ransomware use complex encryptions and are considered to be “uncrackable”. Every once in a while someone does manage to develop a decryptor that works. However, this can take months or even years. <\/p>\n\n\n\n Users often only have the option of reinstalling their systems or restoring a back-up. In particular, the companies should research the source of infection when hit by ransomware, and check internal processes and security settings. This way any weak points can be dealt with for the future. <\/p>\n\n\n\n Companies should not neglect training and awareness-raising for staff on IT security matters. <\/p>\n\n\n\n Cyber criminals often look for the weakest link in companies, which mean this topic affects each and every member of staff.<\/p>\n<\/div><\/div>\n\n\n\n Botfree.eu:\u00a0Portal with a Ransomware Gallery<\/a> Ransomware and encryption Trojans infect computers and smartphones and encrypt all data. They also spread to external hard drives and further devices in the network and also target possible backups. The decryption of the data is only possible with special software which you will receive after payment of a ransom…Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":704,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"inline_featured_image":false,"footnotes":""},"_links":{"self":[{"href":"https:\/\/www.susii.nrw\/en\/wp-json\/wp\/v2\/pages\/712"}],"collection":[{"href":"https:\/\/www.susii.nrw\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.susii.nrw\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.susii.nrw\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.susii.nrw\/en\/wp-json\/wp\/v2\/comments?post=712"}],"version-history":[{"count":2,"href":"https:\/\/www.susii.nrw\/en\/wp-json\/wp\/v2\/pages\/712\/revisions"}],"predecessor-version":[{"id":809,"href":"https:\/\/www.susii.nrw\/en\/wp-json\/wp\/v2\/pages\/712\/revisions\/809"}],"up":[{"embeddable":true,"href":"https:\/\/www.susii.nrw\/en\/wp-json\/wp\/v2\/pages\/704"}],"wp:attachment":[{"href":"https:\/\/www.susii.nrw\/en\/wp-json\/wp\/v2\/media?parent=712"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Never pay a ransom!<\/h2>
Companies should always report cases of Ransomware infection to the police, as this is a criminal act in the sense of\u00a0\u00a7253 StGB<\/a>, German Criminal Code.\u00a0<\/p>\n\n\n\n
The NRW Landeskriminalamt’s Single Point of Contact for Cybercrime is available around the clock:
Single Point of Contact
Email: cybercrime.lka@polizei.nrw.de
Telephone: +49 211 939-4040 <\/p>\n\n\n\n
ZAC NRW, which is headed by Senior Public Prosecutor Markus Hartmann, also investigates itself and performs some special functions within the judiciary in North Rhine-Westphalia
Email: zac@sta-koeln.nrw.de
Telephone: +49 221 477 4922 (24\/7-Hotline for enterprises and critical infrastructures). <\/p>\n\n\n\n
Competent specialized commissariats for Cologne:
Computerkriminalit\u00e4t:<\/strong> Kriminalkommissariat 35, Telephone + 49 221 229 8355
Allgemeiner Computerbetrug:<\/strong> Kriminalkommissariat 33, Telephone +49 221 229 8335
Computerkriminalit\u00e4t Pr\u00e4vention:<\/strong> Kriminalkommissariat Pr\u00e4vention\/Opferschutz, Telephone +49 221 229 8655,
Email:<\/strong> poststelle.koeln@polizei.nrw.de
The services are available weekdays between 07:30 – 16:00.
Alternatively, you can file an criminal complaint online<\/a> with the police. <\/p>\n\n\n\nAscertain damage<\/h2>
How to remove Ransomware<\/h2>
Removal not possible<\/h2>
It is still a good idea to save and keep the encrypted files before reinstalling the system. If a decryptor does become available later, then they can be decrypted.<\/p>\n<\/div><\/div>\n\n\n\nDiscovering the cause<\/h2>
Related links<\/h2>
Botfrei-Forum:\u00a0The Help Forum of the German Anti-Botnet Advisory Center<\/a>
BSI for Citizens:\u00a0Information from the BSI on Ramsomware\u00a0<\/a>
Heise.de:\u00a0Thematic website on Ransomware at Heise<\/a>
ID Ransomware:\u00a0Alternative to Botfree’s Ransomware Gallery<\/a>
nomoreransom.org:\u00a0Help page run by Europol and international anti-virus companies AV companies<\/a><\/p>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"