The Federal Bureau of Investigation (FBI) recently disclosed the details of a ransomware that is severely infecting users' devices. The new ransomware is known by the name 'ProLock'. It has targeted victims across different sectors, including healthcare, government, retail companies, and financial organizations.
Before it, the ransomware known as PwndLock was prevalent, and ProLock is an evolution of it. The malware was changed when the scammers learned that researchers had found it out and that it was no longer effective. The useless malware was therefore given a new shape and name.
What is ProLock Ransomware?
The ransomware follows a certain pattern when attacking a user's device. It usually targets computers that hold substantial assets and other essential data. The attackers carry out the whole process quite slowly and do not trigger any action immediately. They spend considerable time recognizing each activity that takes place on the device.
When it finds the information it is looking for, such as document storage, customer info, mail spools, database systems, and so on, the ransomware starts its task. When the attacker gains access to your device, he also deletes the backups you have created.
On top of that, the ransomware also steals data using the legitimate RClone tool, a command-line tool specifically designed to sync and access users' cloud data.
What does ProLock do to a system?
- First of all, it lands on the user's device and decodes its main body and the code it contains.
- It uses a 32-bit key for this purpose.
- ProLock then dynamically declares the Windows API.
- Further, it deletes its remaining shares to stop further access.
- After this, it grants itself some privileges to access the data.
- It also deletes the Volume Shadow Storage, if there is any.
- And finally, it stops the services that are linked with backups.
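The last steps in this list, together with the RClone use described earlier, leave traces in process-creation logs. The following is an added example, not part of the original article: it flags a host when at least two of those behaviours appear within one hour. The command-line patterns are generic assumptions rather than indicators taken from ProLock samples, and the events are constructed.

```python
import re
from datetime import datetime, timedelta

# Generic command-line patterns for the behaviours in the list above. They are
# assumptions for illustration, not indicators extracted from ProLock samples.
RULES = {
    "shadow_copy_delete": re.compile(
        r"\bvssadmin(\.exe)?\s+(delete\s+shadows|resize\s+shadowstorage)"
        r"|\bwmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "backup_service_stop": re.compile(
        r"\b(net1?|sc)(\.exe)?\s+(stop|config)\s+\"?[^\"]*(backup|vss|wbengine)",
        re.I),
    "rclone_transfer": re.compile(
        r"\brclone(\.exe)?\"?\s.*\b(copy|sync|move)\b", re.I),
}

# Constructed process-creation events: (timestamp, host, command line).
SAMPLE_EVENTS = [
    ("2020-01-01T02:10:00", "FS01", r"C:\Users\Public\rclone.exe copy D:\Finance remote:archive"),
    ("2020-01-01T02:40:00", "FS01", "vssadmin.exe delete shadows /all /quiet"),
    ("2020-01-01T02:41:00", "FS01", 'net stop "Windows Backup" /y'),
    ("2020-01-01T09:00:00", "WS07", r"rclone sync C:\Docs remote:docs"),
    ("2020-01-01T09:05:00", "WS07", "vssadmin list shadows"),
]

def classify(cmdline):
    """Return the names of all rules that match one command line."""
    return {name for name, rx in RULES.items() if rx.search(cmdline)}

def correlate(events, window=timedelta(hours=1), min_behaviours=2):
    """Map host -> behaviours when enough distinct ones occur within `window`."""
    hits = {}
    for ts, host, cmd in events:
        for behaviour in classify(cmd):
            hits.setdefault(host, []).append((datetime.fromisoformat(ts), behaviour))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            found = {b for t, b in seen[i:] if t - start <= window}
            if len(found) >= max(min_behaviours, len(alerts.get(host, [])) + 1):
                alerts[host] = sorted(found)
    return alerts

if __name__ == "__main__":
    for host, behaviours in correlate(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {', '.join(behaviours)}")
```

Requiring two behaviours keeps a lone RClone sync or a read-only vssadmin query, as on the constructed host WS07, from raising an alert.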
Tips to avoid ransomware and associated loss
- All users whose systems hold valuable data should use a good backup system.
- Make sure you regularly store your data on offline storage, so that you can access the backup files whenever you need them.
- Beware of phishing scams and stay alert.
- Be careful when dealing with attachments.
- If you are using Microsoft Office, then you should never allow macros to run on it.
- You should only allow macros if you know that they are from reliable sources.
- Employ two-factor authentication or multi-factor authentication wherever possible.
- Do not use the same password for different platforms.
- Use a reputable antivirus on your system, such as Norton LifeLock, available at norton.com/setup.
- Keep the antivirus solution updated.
Other than the tips mentioned above, you should also make sure to update the operating system of your device, and the same goes for other software as well.