The recent spate of global ransomware attacks has raised awareness of this cyber-threat among corporations, governments, and private citizens. This attention has yielded a flurry of preventative prescriptions. Here are some rapid response measures to implement if you are hit with a ransomware attack.
Ransomware presents a unique challenge to both individuals and corporations. The initial response is not to identify the attacker, but rather to first stop the attack from spreading and then to rescue as much data as possible.
How do you know if you’ve been hit? Usually victims learn of the ransomware when a notification pops up on their monitor, but that is not always the case. You might instead discover your system is infected when previously accessible files suddenly cannot be opened, or when you see known files with new extensions such as .crypto or .locked.
First step: immediately disconnect from the network and the internet. You should also disconnect any external drives and file servers, because the malware can spread to these devices and start encrypting the files on them. Once ransomware has been identified via an anti-virus or malware blocker program, immediately power down your system. This measure will prevent the malware from spreading and encrypting more files, and can greatly help data recovery experts recover files.
The recovery process will depend on the sophistication of the ransomware you have been infected with and the value of your data. Some ransomware encryption methods have known flaws, and others are known as ‘fake’ ransomware that only changes the name or extension of files without actually encrypting them. If the specific malware is not decryptable, you will need to restore your files from a backup. If you don’t have a backup, then we need to evaluate the value of your data. Are you dealing with health care data, PII or financial information? In these cases, you may want to reference the instructions provided by the attacker on how to pay the ransom. Paying the ransom without consulting an expert first is not recommended, but ultimately the decision is yours.
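The distinction above between ‘fake’ ransomware that only renames files and ransomware that actually encrypts them can be checked on a read-only copy of the affected data from a clean machine. The following Python is an added example, not part of the original article; the signature table, the 7.5 bits-per-byte entropy threshold and the function names are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

# Extensions named in the article; extend with others seen in the incident.
SUSPECT_EXTS = {".crypto", ".locked"}

# A few well-known file signatures (magic bytes). Assumed, non-exhaustive list.
MAGIC = (
    b"%PDF-",               # PDF
    b"PK\x03\x04",          # ZIP and modern Office documents
    b"\x89PNG\r\n\x1a\n",   # PNG
    b"\xff\xd8\xff",        # JPEG
    b"\xd0\xcf\x11\xe0",    # OLE2 (legacy Office)
)

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path: str, sample_size: int = 65536) -> str:
    """Return 'renamed-only', 'likely-encrypted' or 'unknown' for one file."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if head.startswith(MAGIC):
        return "renamed-only"      # original header survived the "attack"
    # Small samples cannot reach high measured entropy, so require 1 KiB.
    if len(head) >= 1024 and shannon_entropy(head) > 7.5:
        return "likely-encrypted"
    return "unknown"               # plain text, tiny file, partial encryption

def triage(root: str) -> dict:
    """Walk root (a read-only copy) and classify files with suspect extensions."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in SUSPECT_EXTS:
                full = os.path.join(dirpath, name)
                results[full] = classify(full)
    return results
```

Files reported as 'renamed-only' are candidates for recovery by restoring the original extension; 'unknown' results need manual inspection because formats without a signature, such as plain text, cannot be judged this way.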
As you will have learned the value of pre-emptive cyber-safety the hard way, you will likely be eager to take the necessary steps to prevent these types of infections in the future. You should start anew with your computer by reinstalling the operating system and all programs. Restore your user files from a known backup or from existing files verified as clean. Install reliable anti-virus and anti-malware solutions. Make sure to keep up with operating system updates, as they can patch flaws used to propagate this type of malware throughout your system.
As always, be careful with the links you click in both web browsers and emails. If they look suspicious or something seems wrong, it is best to take prudent steps to verify the website or email source.