.Devos ransomware virus intrusion method, guard against .Devos ransomware virus, what to do after being hit by .Devos ransomware virus, how to recover data?

Foreword: In recent years, ransomware has been rampant on the Internet, and I believe many people have been infected. Corporate users in particular, whose data is relatively important, have had to compromise and buy the decryption private key from the hackers. This has given cybercriminals a taste of success. The .Devos ransomware virus has been relatively active recently. Hackers favor it for its encryption speed: by the time the user reacts to the virus on their computer, it has often already encrypted all the data.

One: Intrusion methods.

1. The website is hacked. Users browse websites with security threats, and passwords are implanted in the system.

2. Email dissemination. Attackers send spam and phishing emails widely. Once the recipient opens the attachment or clicks the link in the email, the ransomware is installed silently, invisible to the user.

3. Vulnerability propagation. Attackers reach users through vulnerabilities in the network, system, or application.

4. Bundled distribution. The ransomware is bundled with other malware.

5. Media propagation. The ransomware spreads through removable storage media, local and remote drives, network shares, and social media.
 

Two: How to prevent it?

1. Do not open emails from strangers or unknown sources, to prevent attacks through email attachments;
2. Avoid clicking the prompt that asks to run macros in Office documents, to prevent infection through Office components;
3. Download the software you need from the official website. Do not double-click to open files with extensions such as .js and .vbs;
4. Upgrade anti-virus and other security signature libraries to the latest version;
5. Upgrade anti-virus software to the latest virus library to prevent attacks by existing virus samples;
6. Regularly back up important data and files on your computer to an off-site location so that they can be restored after a virus infection.


 

Three: Emergency measures.

1. First of all, do not pay the ransom. Paying will only lead the other party to raise the amount they extort, and there is no guarantee that the files can be decrypted.

2. Cut off the network to prevent further spread of ransomware, so as not to bring down the entire network system.

3. Contact a professional virus removal company as soon as possible. A professional virus removal company will use a variety of virus removal software to clean the computer system according to the computer system architecture in order to completely remove the ransomware virus.

4. If the file has been encrypted, you can try to use the system's backup function to restore it, but this may not be successful. After all, the backup may also be infected by viruses.

5. Contact a security agency. The agency can identify the virus from its characteristics and provide targeted solutions to eliminate the ransomware as soon as possible.
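
Once the machine is off the network (step 2), it helps to know how far the encryption reached and when it ran, so you can tell which backups (step 4) predate it. The following Python script is an added example, not part of the original post: it walks a folder read-only and assumes that encrypted files end in the `.Devos` suffix this article names and that the ransomware did not reset file timestamps. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumption: encrypted files end in the ".Devos" suffix named in this article.
SUFFIX = ".devos"


def inventory(root):
    """Walk root read-only; split files into encrypted and intact lists."""
    encrypted, intact = [], []
    for dirpath, _dirs, names in os.walk(root, onerror=lambda err: None):
        for name in names:
            bucket = encrypted if name.lower().endswith(SUFFIX) else intact
            bucket.append(Path(dirpath) / name)
    return encrypted, intact


def summarize(root):
    """Count hits per directory and bound the encryption time window."""
    encrypted, intact = inventory(root)
    per_dir = Counter(p.parent.relative_to(root).as_posix() for p in encrypted)
    mtimes = [p.lstat().st_mtime for p in encrypted]
    # Assumption: timestamps were not reset, so backups taken before
    # window[0] predate the encryption run.
    window = (min(mtimes), max(mtimes)) if mtimes else None
    return {"encrypted": len(encrypted), "intact": len(intact),
            "per_dir": dict(per_dir), "window": window}


def build_sample(root):
    """Constructed sample tree (not real victim data) with fixed mtimes."""
    files = {"docs/report.docx.Devos": 1000, "docs/plan.xlsx.DEVOS": 1060,
             "photos/a.jpg.Devos": 1120, "photos/b.jpg": 500, "notes.txt": 400}
    for rel, mtime in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample")
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(summarize(tmp))
```

Point `summarize()` at a data folder or a mounted copy of the disk; it only lists and stats files, so it does not modify anything a recovery company may need.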

Four: How to recover data.

Two methods:

The first is to pay the ransom as demanded to obtain the private key, but I do not recommend this method: a large number of cases have shown that after the ransom is paid, the criminals immediately raise the amount and ask for more, or even stop bothering to reply to emails.

The second is to find a domestic company that specializes in data recovery and seek their help. After identifying the virus you have, they will give you the most professional solution. Currently, 99% of the viruses on the market can be decrypted successfully, and the probability of file recovery is close to 100%.
 

Origin blog.csdn.net/a5854129/article/details/131720279