Mark Russinovich: Hunt and Kill Ransomware
In his most recent blog post, Microsoft’s Mark Russinovich addresses Hunting Down and Killing Ransomware, a type of scamware/scareware that pretends to be antivirus or antimalware software and tries to scare users into paying a “ransom” to have all those dangerous threats removed. This type of malware is a problem on corporate networks because it often will block real antivirus software from running, exposing the systems to more threats. And in some cases, it will shut down the ability to run business applications so the user is unable to get any work done.
Mark’s post not only gives you an education about this type of malware and how it works, but also provides instructions on how to use the Sysinternals Autoruns tool to find it and kill it.