How to identify ransomware and what to do about it
It’s easy to identify ransomware by the fact that it displays a message on screen demanding payment. What you need to know is how to deal with the different forms of ransomware. With that in mind, here is a guide on how to identify ransomware and what to do about it.
Understanding the three main forms of ransomware
The three main forms of ransomware are scareware, lockware, and encryption ransomware. Scareware and lockware are both, essentially, intimidation tactics.
Scareware sends a frightening message intended to make people pay up. Lockware actually does make your device freeze. It is, however, very easy to undo this, as long as you keep calm. This means that, as with scareware, the real power of lockware is in the message it sends.
Encryption ransomware, by contrast, really does encrypt some or all of your files and the only way to decrypt them is to use the right decryption key. This means that cyberattackers do not need to send intimidating messages. They just need to tell you how much they want, by when and in what way.
There is, however, a slight twist on this in that scareware can try to pass itself off as encryption ransomware. You should be able to identify this fairly quickly as long as you keep calm.
Dealing with a ransomware infection
Dealing with a ransomware infection itself is usually quite easy. For scareware and encryption ransomware all you generally need to do is install a reputable anti-malware program and have it scan your computer. For lockware, boot into safe mode and see if you can install a reputable anti-malware program and have it scan your computer. If that doesn’t work, restore to a previous time point (before the attack) and then install a reputable anti-malware program and have it scan your computer.
If you’re dealing with scareware or lockware then, in practical terms, that will be the end of the matter. It is, however, advisable to see if you can work out how the infection got into your system in the first place and take steps to deal with it. If, however, you’re dealing with encryption ransomware then you still need to take action to restore the encrypted files from a backup. This should emphasize the importance of having a ransomware-proof data backup.
Storing your data safely
Although your aim should always be to prevent ransomware from entering into your system, it’s very much recommended to think about how you can protect yourself from its worst effects if your defenses fail. There are two key steps to making this happen.
First of all, you need to store all sensitive data encrypted. The practical definition of sensitive data is “data you want to keep private”. As a minimum, you should encrypt any personally-identifiable data. This includes data from your own employees.
It is impossible to overstate the importance of this since encryption ransomware attacks are increasingly being combined with data theft and having personal data stolen could, rather ironically, land you on the wrong side of the law.
Secondly, you need to ensure that you have a ransomware-proof data backup system. This means that you need an off-site data backup as well as a local one. This is because local data backups are just too vulnerable to compromise if the production system is attacked.
Ideally, you want to be able to restore to different time points so you have a bit of breathing space if it takes time to pick up on the attack. You could reduce the cost of holding onto older databases by moving them into slower storage.
Preventing ransomware attacks
Your first line of defense against ransomware is a robust anti-malware program from a reputable cybersecurity company (i.e. not one of the default security applications bundled with the main operating systems). You want one with an integrated firewall and, these days, a cloud-based option is generally the most sensible approach. That way the vendor takes care of all the updates and the majority of the storage and processing is pushed onto the back-end servers. This reduces the load on local devices.
Your second line of defense against ransomware is to make sure that your operating systems and locally-installed applications are all updated promptly. Ideally, they should be updated literally as soon as a security-related patch is released. In the real world, you might want to wait a day or two to ensure that the updates don’t create any major issues, but then you need to make a decision and the decision should generally be to go ahead with the update.
Please click here now to start your free 30-day trial of Comodo AEP.