Ransomware Attack
I searched for the file on the Internet and learned that the Orkf virus is ransomware that originates from the DJVU/STOP family. It encrypts files, making them impossible to open at all unless you pay a ransom fee ($490 - $980) in Bitcoin. The virus also installs the Azorult spyware on the system to steal account credentials, desktop files, and more.
I asked the person in charge of the disbursement to request assistance from the IT staff to have the PC checked for any viruses and malware. Actions were taken to remove the Orkf virus and to recover the files, but all to no avail. The least that the IT people could do was to reformat the PC. They requested me to check and verify the latest clean copy of files available on the PC. I verified the backup files, only to find out that the latest records were dated way back in 2008. Encoding the rest of the files up to the current period is a big task. I gave them the options of encoding the missing records (a tiresome process), paying the ransom fee to decrypt the files (quite a hefty sum), or purchasing the software that will restore their files (better in cost). They instead asked me if I could find ways to recover the files without encoding all of them.
I told them I would try to find a remedy, and after several searches on the Internet for database repair programs capable of displaying the records on screen, I finally found one. The process of retrieving the records is somewhat tricky but saves time compared with encoding the records manually. But it is still safe to have your hardware ransomware protection to evade such attacks in the near future. There is a lot of ransomware virus removal software on the market today.
So what did I do to recover the records from the infected database files?
I used the software that can display the records on screen. I took a screenshot of the screen, saved it as an image file (.PNG), and had it converted to either Word or Excel. I loaded the converted file into Excel and checked for any distorted records (you can seldom accurately convert all the text from an image). The Excel file can then be copied to the database table of the disbursement program. Somewhat tricky but worth it. I have already recovered one database (the latest records were dated May of this year) and the recovered records have been randomly verified. The results are 99% accurate. The process of recovery only took 1 day, while encoding the records manually would take weeks.
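The "check for distorted records" step can be partly automated before the rows are copied into the database. The following is an added example, not part of the original post: the column names, the date format, and the sample rows are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Letters that image-to-text conversion commonly substitutes for digits.
CONFUSABLE = str.maketrans({"O": "0", "o": "0", "l": "1", "I": "1", "S": "5", "B": "8"})
# Accepts 1250.00 or 1,250.00 (two decimals, optional thousands separators).
AMOUNT_RE = re.compile(r"^\d{1,3}(,\d{3})*\.\d{2}$|^\d+\.\d{2}$")

def check_amount(text):
    """Return (status, value): 'ok', 'suspect' (valid after digit swap) or 'bad'."""
    text = text.strip()
    if AMOUNT_RE.match(text):
        return "ok", float(text.replace(",", ""))
    guess = text.translate(CONFUSABLE)
    if AMOUNT_RE.match(guess):
        return "suspect", float(guess.replace(",", ""))
    return "bad", None

def check_date(text, fmt="%m/%d/%Y"):
    """True when the cell parses as a real calendar date in the assumed format."""
    try:
        datetime.strptime(text.strip(), fmt)
        return True
    except ValueError:
        return False

def review(rows):
    """Return (row_number, field, reason) for every cell needing a manual look."""
    findings = []
    for n, row in enumerate(rows, start=1):
        status, _ = check_amount(row["amount"])
        if status != "ok":
            findings.append((n, "amount", status))
        if not check_date(row["date"]):
            findings.append((n, "date", "bad"))
    return findings

# Constructed sample rows, as they might look after image-to-Excel conversion.
SAMPLE = [
    {"voucher": "DV-0101", "date": "05/12/2020", "amount": "1,250.00"},
    {"voucher": "DV-0102", "date": "05/l3/2020", "amount": "3,4O0.50"},
    {"voucher": "DV-0103", "date": "05/14/2020", "amount": "98 7.25"},
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

Rows flagged "suspect" still need to be compared against the on-screen record; the digit swap is only a guess at what the converter misread.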
How did your PC get infected?
There are some possible ways your PC got infected with ransomware:
- Installing free software from the Internet
- Clicking links in spam emails that lead to a virus installer
- Downloading pirated software via peer-to-peer resources such as BitTorrent, Limewire, etc.
An ounce of prevention is worth a pound of cure.