Official Microsoft warning for MILLIONS of Americans over ‘ransomware’ attack that holds your PC hostage
MICROSOFT has urged users to be wary of ransomware that's been attacking PCs for over a year now.
On Thursday, the tech giant released a warning users about ransomware that tracks as 'DEV-0530'.
Microsoft linked the ransomware, which has been active since June 2021, to a North Korean group known as 'H0lyGh0st'.
Ransomware is a type of malware that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid.
HOlyGhOst utilizes a ransomware payload with the same name for its campaigns.
They also use a '.onion' site to interact with their victims for extortion purposes.
Read more on Microsoft
How does this ransomware work?
First, the group encrypts all files on the target device and then uses the file extension '.h0lyenc' to send the victim a sample of the files as proof.
They then demand payment in Bitcoin in exchange for restoring access to the files.
"As part of their extortion tactics, they also threaten to publish victim data on social media or send the data to the victims’ customers if they refuse to pay," Microsoft said.
Most read in Tech
Since September 2021, the threat actor collective has successfully compromised a number of small businesses in multiple countries.
Microsoft said that it has notified customers that have been targeted or comprised directly.
It also offered them the information they need to secure their accounts.
However, if you want to be proactive there are steps you can take to mitigate your risks of getting targeted.
How can I protect myself?
Microsoft users are advised to run Microsoft Defender Antivirus and Microsoft Defender for Endpoint on their devices.
Read More On The Sun
The tech giant also encourages all organizations to implement and frequently test a data backup and restore plan for their files.
Small or mid-size organizations should enable Microsoft Defender for Business or Microsoft 365 Business Premium.