How to handle a ransomware report
Being handed a ransomware report is the sort of event which is probably going to put a downer on anybody’s day. How much of a downer, however, depends largely on how well-prepared you are. With that in mind, here is a quick guide on how to handle a ransomware report.
First, you need to figure out what kind of ransomware was used in the attack
There are three main kinds of ransomware: scareware, lockware, and encryption ransomware. Scareware works wholly on trickery: it shows a fake warning but does not actually change anything on the machine. Lockware works mostly on trickery: it blocks access to the desktop or browser, but leaves your files intact. Encryption ransomware, however, really does encrypt your data and can be a serious threat - unless you are prepared for it.
How to deal with scareware and lockware
Scareware and lockware are essentially variations on a theme. With scareware, the victim simply receives a message which is intended to make them believe they have a problem they need to pay the attacker to fix. Nothing needs to be paid: installing a reputable anti-malware program and running a full scan will usually get rid of it without any problems.
Lockware does lock the screen or the browser, but most of its power is still based on intimidating users into believing that they have a serious problem which they need to pay to resolve. For the most part you can get rid of lockware by booting into Safe Mode with Command Prompt (in Windows), launching System Restore with rstrui.exe, and rolling back to a restore point taken before the infection. This only works if System Restore was enabled beforehand, which is one more reason to check that setting now rather than later. Then install a reputable anti-malware program and run a full scan to catch anything the rollback missed.
How to deal with encryption ransomware
Encryption ransomware works very differently from both scareware and lockware. Depending on how well-prepared you are, it can either be an easy problem to solve or an absolute nightmare. In either case, the initial steps are the same. Disconnect the affected machine from the network (unplug the cable or turn off Wi-Fi) so it cannot keep encrypting shared drives or spread to other hosts, and keep a copy of the ransom note and a couple of the encrypted files, because you will need them to identify the strain. Then install a reputable anti-malware program and run a full scan. This will generally get rid of the ransomware infection itself. It will not, however, decrypt the files.
If you have a data backup, then this is a minor nuisance. You just have to work out which files have been encrypted, confirm that the copies in the backup are not themselves encrypted, and restore them once the machine is clean. If, however, you don't have a backup, then you have to hope that there is a decryption tool available for that particular strain. The ransom note and the extension appended to the encrypted files are usually enough to identify it, and the No More Ransom project (nomoreransom.org) maintains a public collection of free decryptors.
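Working out which files have been encrypted is tedious by hand. The script below is an added example, not part of the original article: it walks a directory tree and flags files that look like ciphertext, using two heuristics that are my assumptions rather than anything the article states. First, encrypted data has a near-uniform byte distribution (Shannon entropy close to 8 bits per byte), which ordinary documents do not; second, a file whose magic bytes no longer match its extension (a .png that does not start with the PNG signature) has been overwritten. The 7.5 bits/byte threshold, the list of formats skipped because they are compressed by design, and the sample file names are all constructed for the demonstration.

```python
"""Triage helper: find files that look as if ransomware has encrypted them.

Added example (not from the original article). Two heuristics, both
assumptions rather than guarantees:
  * near-uniform byte distribution (Shannon entropy close to 8 bits/byte),
    which ciphertext has and plain documents do not;
  * magic bytes that no longer match the extension, e.g. a .png that does
    not start with the PNG signature.
Compressed formats are high-entropy by nature, so they skip the entropy test
to avoid false positives.
"""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, Optional

ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed value, tune for your estate
SAMPLE_BYTES = 64 * 1024  # only the first 64 KiB is examined

# Formats that are compressed or encrypted by design: skip the entropy test.
HIGH_ENTROPY_OK = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp4", ".pdf"}

# Real file signatures for a few common document types.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path) -> Optional[str]:
    """Return a reason string if the file looks encrypted, else None."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    ext = path.suffix.lower()
    sig = MAGIC.get(ext)
    if sig and not head.startswith(sig):
        return f"magic bytes do not match {ext}"
    # Very small files give unreliable entropy figures, so require 256 bytes.
    if ext not in HIGH_ENTROPY_OK and len(head) >= 256:
        ent = shannon_entropy(head)
        if ent >= ENTROPY_THRESHOLD:
            return f"entropy {ent:.2f} bits/byte"
    return None


def find_suspect_files(root: Path) -> Dict[str, str]:
    """Walk root; map each suspicious file's relative path to the reason."""
    hits = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            reason = looks_encrypted(p)
            if reason:
                hits[str(p.relative_to(root))] = reason
    return hits


def demo() -> Dict[str, str]:
    """Constructed sample tree: a clean text file, a clean PNG, a document
    with a ransomware-style extra extension, and a PNG whose header has
    been overwritten. os.urandom stands in for ciphertext."""
    root = Path(tempfile.mkdtemp())
    (root / "notes.txt").write_bytes(b"Quarterly figures look fine.\n" * 40)
    (root / "logo.png").write_bytes(MAGIC[".png"] + b"\x00" * 1000)
    (root / "budget.xlsx.locked").write_bytes(os.urandom(4096))
    (root / "photo.png").write_bytes(os.urandom(4096))
    return find_suspect_files(root)


if __name__ == "__main__":
    for rel, why in sorted(demo().items()):
        print(f"{rel}: {why}")
```

Run it against the user's profile directory and any mapped shares, and treat the output as a shortlist rather than a verdict: genuinely compressed or already-encrypted files (password-protected archives, database files with compression) will show up too, so check the hits against what the user knows was there.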
Preventing further ransomware attacks
While you will need to do your own post-attack analysis, the chances are that the attack was enabled by one (or both) of two issues. The first is that you did not have an effective anti-malware product in place and the second is that you failed to update your operating systems and locally-installed applications (or were using products which had ceased to be supported by their developers so that no recent updates were available).
One of the great ironies of encryption ransomware is that both of these issues can generally be addressed fairly easily and at little to no cost. There are some excellent anti-malware products available free for personal use and even business-grade products can be purchased at very reasonable prices.
Updates to supported operating systems and apps are usually provided free by the vendor (as part of the user license); it's just a question of making time to install them. Of course, in the real world, sometimes there is no "just" about making time to do anything. If this sounds familiar, then you need to organize either more in-house resources or a contract with a managed IT services vendor.
Make sure that your data backup strategy is encryption-ransomware proof
Local data backups are very vulnerable to the "ricochet effect": encrypted files are copied into the backup automatically, overwriting the good copies. Many strains also delete local shadow copies and encrypt any backup drive or network share they can reach, so a USB disk that is permanently plugged in is not really a backup at all. An off-site copy is part of the answer, but only if it is not simply a live mirror: a cloud folder that syncs continuously will replicate the encrypted files just as faithfully as it replicated the originals. The backup needs versioning or a retention period so that an older, clean copy survives the attack, and ideally at least one copy that is offline or write-once so the ransomware cannot touch it. Finally, check that the copy is clean before you restore from it.
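One way to tell whether the ricochet effect has reached a backup is to record a hash of every file when the backup is taken and compare before restoring. The script below is an added example, not part of the original article or of any backup product: build_manifest records SHA-256 digests, and verify_backup reports files that were modified, removed, or added since the manifest was written. The manifest itself must be stored where the victim machine cannot write to it (off-site or write-once), otherwise it can be replaced along with the files. The file names and the simulated sync are constructed for the demonstration.

```python
"""Verify a backup set against a hash manifest before restoring from it.

Added example (not from the original article). At backup time, record the
SHA-256 of every file in a manifest kept where the protected machines cannot
write (off-site, write-once). Before a restore, recompute the hashes: a file
whose digest changed, vanished, or appeared out of nowhere was touched after
the backup was taken, which is exactly what a synced-in encrypted copy and a
ransom note look like.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map each file's path (relative to root, POSIX separators) to its digest."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def verify_backup(root: Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the current contents of root with a manifest taken earlier."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def demo() -> Dict[str, Dict[str, List[str]]]:
    """Constructed scenario: take a backup and its manifest, then simulate a
    sync client pushing the ransomware's changes into the backup folder."""
    backup = Path(tempfile.mkdtemp())
    (backup / "report.docx").write_bytes(b"PK\x03\x04 clean report")
    (backup / "notes.txt").write_bytes(b"clean notes\n")

    # Manifest is serialised so it can be shipped somewhere the victim
    # machine has no write access; here it just round-trips through JSON.
    stored = json.dumps(build_manifest(backup))
    manifest = json.loads(stored)
    before = verify_backup(backup, manifest)  # all three lists empty

    # The ricochet: encrypted copy replaces the document under a new name,
    # the notes file is overwritten in place, and a ransom note appears.
    (backup / "report.docx").unlink()
    (backup / "report.docx.locked").write_bytes(os.urandom(64))
    (backup / "notes.txt").write_bytes(os.urandom(32))
    (backup / "HOW_TO_RECOVER.txt").write_bytes(b"pay us")
    after = verify_backup(backup, manifest)

    return {"before": before, "after": after}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A hash mismatch only tells you the file changed, not why; a legitimately edited spreadsheet looks the same as an encrypted one to this check. In practice you run it to decide whether a given backup generation is safe to restore at all, and fall back to an older generation if anything under "modified" or "unexpected" is not explained by normal activity.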