Ransomware attack via pen drive (USB flash drive)

Motivation: Md Mashihoor Rahman (IT Security Analyst)

Last 7th April I came to know about a ransomware attack at a well-known company in Dhaka, Bangladesh. The attack occurred through a pen drive (USB flash drive).

On 6th April one of the graphics designers of that company took the pen drive to a local printing shop to get a job done. At that point it held an AI file to be printed. But he said the AI file didn't open at the printing shop. He also said that when he opened the pen drive folder in that shop, he found a readme file was already on the USB drive. So he came back to the office and connected the pen drive to his work computer, which held his 16 years of work, to copy the desired AI file onto it again for printing.

When he inserted the USB flash drive, the computer gave a virus detection notification, but he ignored it. That was his big mistake. The whole company had a paid antivirus subscription for one year, but it had expired and nobody had paid attention to it. After opening the pen drive he noticed that all the files on his computer had been given a .urnb extension, that there was a readme.txt file, and that he could not open any file. He tried to solve it by downloading an antivirus and reinstalling Windows, but nothing helped. It is obvious that he had no clue what was happening or what was needed to solve it. He did not even let the IT department know about the problem. On the next day (7th April) he told everybody about it. The company then consulted a security professional, but no way to solve it could be found and they lost all the data on that computer.

Loss: No financial losses, but the company lost his 16 years of work and designs.

Ransomware Details:

Family – STOP/DJVU ransomware

Extension – .urnb

The URNB ransomware is a malicious program that encrypts the personal documents found on the victim's computer and gives them the ".urnb" extension, then displays a message offering to decrypt the data if a payment in Bitcoin is made. The instructions are placed on the victim's desktop in the "_readme.txt" file.
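
A read-only triage script for the two indicators named above (the ".urnb" extension and the "_readme.txt" note), added here as an example and not part of the original article. The function names, the constructed sample tree and the assumption that ".urnb" is appended to the original file name are assumptions of this example.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_EXT = ".urnb"      # extension named on this page
RANSOM_NOTE = "_readme.txt"  # ransom note file name named on this page


def triage(root):
    """Inventory a folder or drive read-only: nothing is opened or modified."""
    report = {"encrypted": [], "notes": [], "intact": [],
              "original_types": Counter(), "unreadable": []}

    def on_error(err):  # e.g. permission denied on a directory
        report["unreadable"].append(err.filename)

    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            path = Path(dirpath) / name
            lower = name.lower()
            if lower == RANSOM_NOTE:
                report["notes"].append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                report["encrypted"].append(path)
                # Assumption: ".urnb" was appended to the original file name,
                # so "logo.ai.urnb" was originally an ".ai" file.
                original = Path(lower[: -len(ENCRYPTED_EXT)]).suffix
                report["original_types"][original or "(no extension)"] += 1
            else:
                report["intact"].append(path)
    return report


def build_sample(root):
    """Constructed sample tree standing in for a USB drive (empty files)."""
    for rel in ("_readme.txt", "jobs/logo.ai.urnb", "jobs/poster.AI.urnb",
                "jobs/_readme.txt", "jobs/invoice.pdf.urnb", "new/flyer.ai"):
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        r = triage(tmp)
        print(f"{len(r['encrypted'])} encrypted, {len(r['notes'])} ransom notes, "
              f"{len(r['intact'])} intact file(s)")
        for ext, n in r["original_types"].most_common():
            print(f"  {ext}: {n} encrypted")
```

The "intact" list shows which files are still worth copying to clean media first, and "original_types" shows how much of each kind of work was hit.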



10 Easy Steps on How to Fix Ransomware

Follow ALL of these steps only if you have already lost access to your computer and cannot get past the ransom note displayed on your screen. If you still have access, you may proceed directly to step #7.

  • Step #1: Restart Your Computer.
  • Step #2: Press the F8 key while your computer is booting up.
  • Step #3: Use the arrow keys to select the Safe Mode option on the screen.
  • Step #4: Type rstrui.exe using the text cursor that appears on the screen.
  • Step #5: Press Enter.
  • Step #6: In the Windows System Restore screen, choose a date and restore your computer to this point.
  • Step #7: Using another device, download a reputable software tool that can disable and delete ransomware from your computer.
  • Step #8: Copy the software installer file and install it on the ransomware-infected device.
  • Step #9: Run a full scan.
  • Step #10: Select all infections detected by the scan and delete them from your computer.

If you have a backup copy of all your files, you can simply copy them to the now ransomware-free device. But if you unfortunately failed to make a backup copy, there are still a few other options you can explore.

One is to use a software tool that can recover deleted files on your computer. During a ransomware attack, your actual files are deleted by the malware and replaced by an encrypted replica. That gives you a chance to retrieve lost data by using data recovery software.

Another option is the online decryption tools that are offered for free. Though a decryption tool cannot promise its users complete retrieval of all the ransomware-locked data, it will still give you a chance to decrypt at least some of the encrypted files.

Do not wait until a ransomware threat hits you. Protect your computer from the hazards and troubles ransomware attacks can cause. Be knowledgeable not only about how to fix ransomware vulnerabilities but also about how you can combat these malicious programs in order to keep your home and your business safe from cybercriminals.