While computers are a common sight in today’s households, not everyone knows what must be done when their devices act up. Naturally, a lot of people get anxious when their computers display a message that says: “All of your files are encrypted with RSA-2048 and AES-128 ciphers”. In addition, computer users also receive instructions on how to get back the files which usually involve payment of some kind. Read to the end if you like to bring your computer back to normal and don’t agree to pay anything.
What Is Going On
Overall, the “all of your files are encrypted with RSA-2048 and AES-128 ciphers” message is the tell-tale sign of ransomware attacks. RSA-2048 and AES-128 are encryption algorithms that ransomware uses to lock out access to files on infected computers.
In case you don’t know, ransomware is a type of malicious software that encrypts the personal data of users after they get into the system. Usually, ransomware aims to collect a ransom from the owners of infected computers who wish to regain access to their files. If people opt to pay the ransom, the one behind the attack should send a key that removes the encryption. On the other hand, failure to pay means files would stay encrypted and in the worst-case scenario, people can no longer use their devices.
At the moment, Locky is one of the prominent ransomware associated with RSA-2048 and AES-128 encryption algorithms. Locky spreads via email attachments claimed to contain curriculum vitae, an invoice, receipt, bill, or even a job offer. In most of the cases, people can keep Locky out if they don’t open email attachments carelessly. Locky is only able to work once computer users grant them access.
Dealing With The Ransomware: Suggestions
The moment you let the ransomware run, all of your documents, pictures, apps and so on will be encrypted. Following encryption, your files will have gibberish names that feature a couple of file extensions (.locky, .odin, .thor, .osiri, etc).
Removal Tool
The message indicates that all your files are encrypted with RSA-2048 and AES-128 encryption. Hence, you can decrypt the files using a RSA-2048 and AES-128 removal tool.
- Step 1. Run the removal tool then press Start Computer Scan so the tool could scan your computer. Allow the scan to run all the way to the end.
- Step 2. Once the scan wraps up, you should see a list of all the malicious software and potential threats in your system.
- Step 3. For your PC to resume normal operation, hit Remove All Threats. Follow the instructions.
If you do not trust any removal tool out there, you can try the Microsoft Safety Scanner or Malwarebytes (with both free and paid versions). They will allow you to perform a full scan of your computer and address files that may be infected. Unfortunately, since deletion of any malicious files involves deleting them from your system, there is a high risk of data loss.
Safe Mode (With Networking)
A lot of ransomware pulls out once they have managed to encrypt files on computers. That being said, some linger and get in the way as people run removal tools, scan the device, … On the bright side, there is a workaround: safe mode with networking.
- Step 1: Open Start menu, type msconfig and hit Enter to open System Configuration.
- Step 2: In System Configuration, navigate to Boot tab.
- Step 3: Tick Safe Mode and click Apply.
- Step 4: You will see a prompt so click Restart.
In Safe Mode, ransomware cannot operate. That is going to help you access the Internet and search for the antimalware tool unobstructed. Download and install the tool, run a complete scan on the computer and dispose of everything that looks suspicious.
Recovery
As much as you want to regain control over your PC, you don’t want to lose the docs and applications you have in it. Hence, you should give recovery some thought.
Backup
The advantage of having a backup is that when your computer becomes compromised, you can restore all of the files.
- Step 1: Press Windows +I to open Settings.
- Step 2: Go to Update and Security>Backup> Backup using File History.
- Step 3: Click More Options. After that, click Restore Files from a Current Backup.
- Step 4: A pop-up will appear allowing you to enter the file name of the backup that you want to use.
- Step 5: Select the latest version Windows provides.
- Step 6: Hit Restore to begin the recovery of files.
System Restore
If you don’t have a backup, you can still make use of System Restore of the Windows operating system. System Restore enables you to revert the system to a point in the past. Let’s hope that the point you choose predates the introduction of the ransomware.
- Step 1: Go to Control Panel
- Step 2: Hit Recovery then open System Restore.
- Step3: Press Next in the pop-up window and you should see that the Automatic Restore Point is created.
- Step 4: Once you select and confirm the restore point, your system will restart and go back in time.
Note: You may also manually define the restore point by going to Configure Restore Point.
What Happens As The Ransomware Works Its Way Into My System?
All your documents will be replaced by strange filenames and unusual extensions. When you delete these files, it is possible that you can no longer restore them.
How Much Is A Ransom Of 0.5BTC Worth?
0.5BTC is equal to around $23,105.
Tips & Tricks
- It’s a wise decision to back up your files, but it’s wiser when you configure a cloud-based backup of all your files, particularly the most important ones.
- Never open attachments from suspicious mailers or access suspect websites. Always exercise caution, especially if the risk is quite high.
- Be vigilant to certain files with extensions .exe, .cmd, .js, .vbs, .hta, .scr, .docm, especially from zip archives.
Michael Kan has been with Ginno Security Lab since October 2017, covering a wide range of topics, including consumer electronics, cybersecurity, social media, networking, and gaming. Prior to working at Ginno Security Lab he was a foreign correspondent in Beijing for over five years, covering the tech scene in Asia.
Areas of Expertise: Michael Kan has been working as a journalist for about 15 years— He start as a schools and cities reporter in Kansas City. Amazingly he is still here. Lately, he has been following SpaceX’s Starlink network, emerging online cyber threats, and the PC graphics card market (which led him to camp out in front of a Best Buy to get an RTX 3000). He is always eager to learn more, so please jump in the comments with feedback and send he tips.
The Best Tech he has Had:
- First video game console: a Nintendo Famicom
- Sega Saturn despite PlayStation’s popularity.
- The iPod Video received as a gift in college
- Xbox 360 FTW
- The Galaxy Nexus was the first smartphone he was proud to own.
- The PC desktop he built in 2013, which still works to this day.
