What is Ransomware?
Ransomware is a type of malicious software (malware) that blocks access to data on a device until a ransom, traditionally in the form of Bitcoin, is paid. The name "ransomware" was coined by tying its function to the lock screens and video tutorials that give victims instructions on how to make payments.
There are two categories of ransomware: type A (free) and type B ($). Type A ransomware can easily be removed with no payment required. Type B ransomware requires payment before end users or IT specialists can recover their data, such as documents, photos, and databases.
How Does Ransomware Spread?
Ransomware spreads in a variety of ways: phishing campaigns, weak passwords, drive-by downloads, infected USB drives, and other types of attacks that exploit a weakness on the target's machine.
Data breaches are another way ransomware may spread. For example, during the WannaCry outbreak in 2017, a data breach could have been an entry point for attackers to infect systems with ransomware due to how they used Microsoft Office exploits that were known but not patched by Microsoft in March 2017.
How Does L16 Ransomware Work?
L16 Ransomware, also called L16 Alpha Ransomware, is a computer virus designed to encrypt personal documents and make them inaccessible in order to exploit the user for money. L16 Alpha Ransomware should be detected by IT departments as malicious because it can block access to documents stored on hard disks or USB drives. L16 Alpha Ransomware is not a variant of any other ransomware strain.
The creators of L16 Alpha started the malware's distribution campaign by sending emails with malicious links to victims. After clicking on the link, the victim is taken to a website that leads them to click on an executable file, which installs itself, locks the computer system's files, and demands US$299 in Bitcoin (BTC) to unlock them.
How to Remove L16 Ransomware
1) Install your preferred anti-virus software and scan your system with it to detect the presence of malware or viruses on your machine;
2) Delete the bookends program that has been installed so infected media files cannot be reused by the author;
3) Remove the various registry entries that the virus has created in order to prevent Windows from booting properly;
4) Uninstall L16 Alpha Ransomware from your web browsers and systems;
5) Reboot your PC so that all traces of L16 Alpha Ransomware are removed.
How to Protect My Computer From Ransomware
Protecting your computer from ransomware, in some cases, is a simple matter of installing an antivirus program and scanning a system for malware. While not foolproof, such programs should detect and remove 99% of viruses. To be more proactive about protection against ransomware:
- Always use two-factor authentication on any devices with sensitive data.
- Install Microsoft’s EMET (Enhanced Mitigation Experience Toolkit) to protect against zero-day exploits like the MS Office exploit attackers used to launch WannaCry.
- Verify that mobile operating systems are patched.
- Limit admin privileges – only give admin rights on work computers to those who absolutely need them and are trained to manage them responsibly.
- Install a sandbox application like Cuckoo Sandbox (for Windows or Linux) to detect malware. If the app is not detected as malicious, it is more likely you have a whole new strain of ransomware on your hands.
- Use a robust backup solution that preserves data encryption so that, in the event of a ransomware infection and data loss, restoration takes only minutes (instead of months) with minimal help from IT specialists.