What is Ransomware?
Ransomware is a type of malware designed to extort money from computer users by blocking access to their systems or files. It generally encrypts data files on the user's system and then offers to decrypt them after the payment of a ransom.
How Does Ransomware Spread?
Ransomware is often sent as an attachment to spam email messages or downloaded from a website that has been hacked. It can enter your system through various methods, such as by exploiting security vulnerabilities in your browser or by tricking you into opening it.
How Does Handshake Ransomware Work?
Handshake Ransomware starts by scanning for browsing software. It relies on a list of known vulnerabilities that can be exploited to deliver malware onto the system through browser plugins or by social engineering. These vulnerabilities have been spotted in recent versions of the following software:
Adobe Flash Player
Java Runtime Environment (JRE)
The scan for these third-party applications may be triggered by a file named FlashPlayer-Update.exe, Silverlight-4.1.10411.0-Installer.exe or JavaUpdater.exe, depending on which application was found to be installed on the computer system. After scanning, Handshake Ransomware looks for any file that has a .exe extension, follows a certain pattern and is named like the executable, with the word "installer" in its name:
<%.exe (e.g. Handshake Ransomware installer.exe)
Once these conditions are met, it will look for specific keywords in each file's header: "installer", "update", "activate.bat", "deactivate.bat" or "deactivate.msi". If it finds this pattern, Handshake Ransomware will encrypt the file with a strong encryption algorithm and display an alert message that demands payment to unlock the data.
The malware is able to encrypt any file on your system which has a .exe extension, including .jpg, .avi, .mp3 and even music and video files. You can get rid of this threat by ensuring that you are running up-to-date software on your computer.
If you see this message on your computer screen, please note that it is impossible to decrypt such files. Although you can delete Handshake Ransomware, it might not be possible to recover all of the data that has been encrypted and lost forever.
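A defender-side check for the three installer names listed above, as an added example that is not part of the original article: it walks a folder such as a Downloads directory, flags files with those names regardless of case, and records a SHA-256 hash for hand-off to an antivirus vendor or incident responder. The function names, the `MZ` header check and the sample files are assumptions made for this illustration.

```python
import hashlib
import os
import tempfile

# File names the article says can trigger the scan (taken from the page).
LURE_NAMES = {
    "flashplayer-update.exe",
    "silverlight-4.1.10411.0-installer.exe",
    "javaupdater.exe",
}

def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large installers do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def find_lures(root):
    """Return one record per file under root whose name matches a lure name."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in LURE_NAMES:
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    is_pe = fh.read(2) == b"MZ"  # DOS/PE executable magic
                hits.append({"path": path, "is_pe": is_pe, "sha256": sha256_of(path)})
            except OSError:
                # Locked or unreadable file: still report the path.
                hits.append({"path": path, "is_pe": None, "sha256": None})
    return sorted(hits, key=lambda h: h["path"])

def demo():
    """Run the scan over a constructed directory tree (sample data only)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Downloads"))
        samples = {"Downloads/JavaUpdater.exe": b"MZ\x90\x00constructed",
                   "Downloads/FLASHPLAYER-UPDATE.EXE": b"not a PE file",
                   "Downloads/report.docx": b"PK constructed"}
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(h["path"]), h["is_pe"]) for h in find_lures(root)]
```

A name match alone does not prove a file is malicious; treat each hit as a candidate to scan or submit, not as a verdict.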
How to Remove Handshake Ransomware
Handshake Ransomware is unlike most ransomware because it doesn't encrypt the entire hard drive; it only encrypts a subset of files. This means that if you are able to remove the Handshake Ransomware, not all your data will be lost.
To remove Handshake Ransomware, you'll need to restart your computer in safe mode and run an antivirus and anti-malware program. It's difficult to recommend any specific product or service for removing Handshake Ransomware because of the wide variety of antivirus and anti-malware products available.
Note: The free versions of these programs generally do not have the ability to remove Handshake Ransomware.
How to Protect My Computer From Ransomware
There are a few ways to protect your computer against ransomware. Below are a few of the most important tips for keeping your computer ransomware-free.
Always keep your software updated. This is also the best way to ensure that you have the latest security patches and bug fixes for your system. Most software includes an auto-update feature or will notify you when it is time for an update.
Do not open attachments, links, or downloads from email messages from unknown sources. Ransomware has been known to spread this way, so be cautious about what you click on. Look out for suspicious websites.
Don't enter personal information or payment details on any sites that you don't recognise.
Don't download software from "freeware" websites unless you have verified that this is the original publisher of the application. There are many fake and malicious websites that appear to offer legitimate software for free, but instead deliver malware disguised as a "free" program.
Use two-factor authentication on your computer and for logins to all online accounts, including email and other social media.