If you turned on your computer one day and found that all of your files are encrypted and you have to pay $500 to unlock them, you are probably a victim of a ransomware program called KeyHolder. Without a way to be sure that you will receive your decryption key once the money is paid, you should look at other ways to recover from this devastating attack and make sure that it never happens to you again. Fortunately for you, that is precisely what this article is about.
While there is not much you can do when KeyHolder has already taken hold of your system, educating yourself about the way programs like this get on your computer is certainly useful. This ransomware is mainly distributed through spam email attachments. When you open a legitimate-looking attachment, KeyHolder runs on your system. Email attachments could also contain exploits that are downloaded to your system when you open them. Then, cybercriminals could gain access to your computer. They could run KeyHolder and wait for your files to be encrypted. Criminals can do it quickly and then go look for other victims. Companies and individuals who have extremely important files they can’t afford to lose on their system are especially vulnerable.
When activated, KeyHolder can hibernate for any amount of time. It quietly encrypts all files and does not allow its presence to be detected until completely done with its work. When its task is complete, KeyHolder deletes itself from your system, leaving a notice that you have to pay a ransom if you want to regain access to your files.
When your files are already being held for ransom, there is not much you can do, unless you regularly back up your data to external hard drives or cloud storage. If you have them backed up on external storage space, it is a great idea to download a powerful antimalware tool, like SpyHunter. It will delete any traces of KeyHolder that might be left, as well as all other dangerous threats that could be lying dormant, before your restore your data.
Our security researchers found that built-in Windows restore points and various third-party system restore programs are often less than useful, as KeyHolder can recognize and delete the files required to run them. Already existing backups on external sources are the only way to regain access to your data without paying up.
Even if you have not backed up your files, paying the money is like negotiating with terrorists, so it should not be done except for extreme cases. It is possible that paying the ransom will get your files unlocked, however, you can never know for sure. The people who run KeyHolder are, simply put, criminals. Your files’ fate could depend wholly on their whims. This needs to be seriously considered when debating paying the ransom.
Speaking about the ways to avoid massive damage when KeyHolder wrecks the contents of your hard drives, a three-pronged approach to security is the best. First, you should always take care to back up your files on a different platform, be it an external drive or a cloud service you like. You should also delete any emails from sources you do not trust without opening them. Make sure your operating system, drivers, and software are all up-to-date to minimize the ways your system could be exploited to run KeyHolder and similar malware without your permission. Finally, it’s a very good idea to use a professional antimalware tool, like SpyHunter. While it cannot decrypt your files, it can do a great job at catching any spyware, malware, or potentially unwanted programs that could weaken you computer security, making it harder for KeyHolder and similar programs, like Cryptowall and Cryptobit, to gain a foothold in your system.
If you are one of the security-conscious individuals that back up their data on external drives or the cloud, you should format your hard drives, install a fresh copy of Windows, ensure the security of your system as much as possible, and then restore your data. Remember this experience and take your security seriously. Regular execution of safety procedures is the only way to protect yourself from KeyHolder. It can also protect you from many other dangerous threats that are aplenty on the Internet.
Windows 7
Windows 8
Windows 8.1
Windows XP