A new form of ransomware is being distributed through drive-by attacks, but victims can retrieve their locked files for free due to mistakes in the attack’s code.
Shrug ransomware first appeared in the wild on July 6, and comes embedded in fake software and gaming apps. Those who get tricked into downloading and running the file-encrypting malware are met with an extensive and mocking ransom note penned by an attacker calling themselves Martha.
To fully succeed in encrypting your files, the ransomware needs to connect to its key server. This means there is a window of opportunity to protect your computer by interrupting the encryption process. Many AV vendors have blocklists incorporated in their products; there are also publicly available ones, like the one maintained by abuse.ch. By far the best mitigation, though, is to perform regular backups of your data and either store them offline or use a version control system.
First of all, do not panic! A good starting point is to establish whether you can get your files back using one of the decryptors published on nomoreransom.org, by accessing Crypto Sheriff. You will need to upload two of your encrypted files and, hopefully, you will be directed to the right decryptor.
For more info, please visit The No More Ransom Project.