Spike in Crowti ransomware infections around the world

Over the last couple of weeks, thousands of Windows users have been infected with the so-called Crowti ransomware because they opened email attachments containing malware or used unpatched software, according to Microsoft. The malicious emails usually pose as bills or faxes. Users in the United States have been hit hardest, accounting for 71% of all infections.

The malicious email attachments are mainly .zip files containing the malware. "If you receive an email that you're not expecting, it’s best to ignore it. Try to validate the source of the email first before clicking on a link or opening the attachment", Microsoft writes on a TechNet blog.

Besides email, the Crowti ransomware also infects systems through vulnerabilities in unpatched versions of Adobe Flash and Java. Once the ransomware has infected a system, it starts to encrypt files, rendering them unusable. The malware then shows a screen urging the user to pay a ransom to decrypt the files and return them to their original state.

Microsoft is clear on whether users should pay or not: "there is no guarantee that paying a ransom will give you access to your files or restore your PC to its pre-infection state. We do not recommend paying the ransom."

To increase the chances of detecting malware, Microsoft encourages users to join its Microsoft Active Protection Service Community (MAPS). Data gathered from MAPS can be used to create better detection and to respond as fast as possible. The feature is enabled by default for Microsoft Security Essentials and Windows Defender for Windows 8.1.
