How do you know if you have ransomware?
You’ll know if you have ransomware because it will send you a message to tell you. What you need to know is what kind of ransomware you have and what to do about it. With that in mind, here is a quick guide to common forms of ransomware, how to treat them, and how to avoid them.
The main forms of ransomware are scareware, lockware, and encryption ransomware
Scareware and lockware generally target consumers as they are essentially pure social-engineering attacks. Encryption ransomware generally targets organizations as they are likely to have data they need to protect.
Scareware and lockware
Scareware works purely on the power of intimidation. It does absolutely nothing to your computer. Lockware does lock your computer so that you can’t use it, but the lock can be easily bypassed. Most of the power of lockware, therefore, is in the message and the feeling of intimidation it creates.
If your computer displays a message demanding money for any reason, your first course of action should be to install a reputable anti-malware program and have it scan your computer. If you can’t, or that doesn’t work, boot into safe mode and then see if you can install a reputable anti-malware program and have it scan your computer. If you can’t, or that doesn’t work, restore to a previous point in time (before the infection) and then install a reputable anti-malware program and have it scan your computer.
Do this even if the message references encrypted files. This is because it is possible that what the infection is actually scareware, rather ironically, pretending to be encryption ransomware.
Encryption ransomware is the ransomware most companies really fear because it can cause the sort of damage which can sink businesses. As its name suggests, it encrypts some or all of your files in an attempt to force you to pay for the key to decrypt them. It has also been linked to data theft and deliberate take leakage. The big problem with encryption ransomware is that getting rid of the infection does not undo the damage it has already caused.
Getting rid of encryption ransomware itself is usually fairly easy. Typically, you just install a reputable anti-malware program and have it scan your computer. Getting rid of the consequences of a ransomware attack can be anything from minor pain to a major catastrophe.
Data stored unencrypted can be stolen
Encrypting your data won’t protect you against encryption ransomware. Data can be encrypted more than once. It can, however, protect you from data theft. This threat is not exclusive to ransomware attacks, but it is becoming increasingly associated with them.
What seems to be happening is that increasing numbers of individuals and organizations are becoming aware of the threat of ransomware and taking steps to protect themselves against it. As a result, the cybercriminals behind these attacks are having to do everything they can to maximize their profit from the targets they do manage to hit.
If they can steal data during a ransomware attack, they can sell it to third parties to boost their profits (even if you pay the ransom) or they can expose it on the internet to cause you embarrassment and to intimidate future victims.
Local data backups are very vulnerable to ransomware attacks
It’s best to work on the assumption that any attack which can compromise your production system can also compromise your local data backup. In the case of ransomware, this commonly occurs by the encryption being registered as an update to a file which then causes it to be automatically copied to the local data backup, overwriting any healthy file which was already there.
The way to protect against this is to couple a local data backup with an off-site data backup which is entirely separate from your main system. Ideally, you should be able to restore to different time points, in case there is a delay in recognizing that you have been attacked.
You must have robust anti-malware protection in place
If you are successfully attacked by ransomware, your best-case result is that you go through the hassle and lost productivity of having to restore from a backup, probably your off-site backup. Even this is an inconvenience and financial hit you would probably prefer to avoid. This means that you need to do everything possible to stop ransomware from getting into your system in the first place.
Your first line of defense is a robust anti-malware program from a reputable security company. Your second line of defense is to make sure that all operating systems and locally-installed applications are promptly updated. If necessary, get an IT managed services provider to take care of this for you.
Please click here now to start your free 30-day trial of Comodo AEP.