Table of Contents
These days when we hear about a new threat it doesn’t come as much of a shock, as malware, ransomware, virus and other online are common these days. Cyber criminals are becoming super active and smart they are finding new and uncommon ways to target user’s data and machine.
A new type of ransomware named Rapid ransomware is spreading quickly. It has infected multiple machines since it was first detected on January 3rd. Rapid ransomware stays active on the system even after encrypting the current files so that it can encrypt the newly created files. This behavior is so far uncommon among ransomware.
Also Read: Top 10 Malware Myths and Facts
How Rapid Ransomware Works?
The ransomware uses various commands to clear Windows shadow volume copies, shuts down database processes – sql.exe, sqlite.exe, oracle.com and disables automatic repair. This command helps ransomware to execute, scan the machine for files and encrypts them.
Once files are encrypted an extension.rapid is appended to the encrypted file name and a ransom note named How Recovery Files.txt is created in various folders and on the desktop. This note asks victim to contact the ransomware developer to receive payment instructions. Not only this, the infection creates a startup entry to display ransom note.
What to Do If System is Already Infected by Rapid Ransomware?
As already discussed, the ransomware stays active even after encrypting the files to infect new files, the victim must shut down the machine as soon as the ransomware is detected. Plus, the victim should open the Windows task manager and end all the processes related to ransomware.
If the machine is rebooted after it was infected the victim will see a process named info.exe, he needs to terminate it. Apart from this if you see any process named rapid.exe terminate it immediately. Once you have terminated all these proceed open msconfig.exe and disable the autoruns at startup. If the ransomware doesn’t let you open the task manager you can boot the system in Safe Mode with Networking and try from there.
How to Stay Protected?
To stay protected from these threats, you need to adopt good computing and security habits. First and foremost, always take backup of the data and use a tool that takes incremental data. This will help you to restore and access data if your machine is compromised.
Use a security software with features that can detect ransomware behavior program on the machine. You can try using Advanced System Protector on Windows and Systweak Anti-Malware on Mac. As this software not only detects threats on signature basis. They detect them on various measures.
Last but not the least, avoid opening unknown attachments, scan attachments before downloading or opening them. Windows update should be installed as soon as they are released and available for download. Always run an update security tool to keep the system protected. Plus, use complex passwords rather than using default or simple password.
Hope you will adopt the above-mentioned measures to stay protected from such attacks. It isn’t difficult to stay protected it depends on us if we want to stay secure or want to be a victim.