How to recover from ransomware
The best way to recover from ransomware is to restore from a data backup. If you can’t do that, then you may be able to recover from ransomware by using software tools, but you will need quite a bit of luck on your side. That being so, it is really important to focus on preventing ransomware in the first place and making sure that you are protected with a data backup so you can restore easily if it does strike.
Recover from ransomware
Having just said that, if it is too late for prevention, it’s worth seeing what you can do about a cure. With that in mind, here is a quick rundown of how to recover from ransomware.
This is most prevalent in the consumer world. As its name suggests, it doesn’t actually cause any real damage; it just sends a frightening message to try to intimidate the victim into paying the attacker. Ignore the message, sign up for a reputable anti-malware program, and have it scan your device.
This is also generally found in the consumer world. Lockware locks the victim out of their computer, but you can usually deal with it by booting into safe mode (with command prompt in Windows), restoring to an earlier date (i.e. before the infection), and then signing up for a reputable anti-malware program and having it scan your device.
When businesses talk about ransomware, this is what they tend to mean. In this situation, the problem isn’t usually getting rid of the ransomware itself. That’s usually just a matter of signing up for a reputable anti-malware program and having it scan your device. The problem is that getting rid of the ransomware will not decrypt your files. Only the decryption key will do that.
This means that unless you have a backup, you have to cross your fingers and hope that there is a publicly available decryption tool for the form of ransomware that was used to attack you.
There are online ransomware identifiers that can analyze the ransom note and the sample files which are usually sent with it to see what form of ransomware was most likely to have been used for the attack. They may also be able to tell you if there is a decryption tool available for it. If they don’t or they say there isn’t, you can still try having a look around the internet.
Even if you do find a tool that says it can decrypt your files, it’s advisable to keep your expectations low. Ransomware is so lucrative that the people behind it have both the means and the motive to keep it regularly updated and hence one step ahead of security tools.
You can protect yourself against all forms of ransomware in the same way you can protect yourself against malware in general. This means you need a robust anti-malware product with a firewall and an effective strategy for making sure that all your online devices are always updated promptly.
Your anti-malware product needs to be backed by a reputable brand and be able to scan websites and downloadable files (especially email attachments). It also needs to have a firewall, unless you are willing to go to the expense and hassle of purchasing a separate firewall, and it’s hard to see how that would be justified.
The most practical option is generally to look for a cloud-based product. This means that all updates are managed by the vendor, so you don’t need to arrange for them to be downloaded and installed locally. This saves time and also reduces the burden on local devices.
Updates to operating systems and other applications will need to be installed locally and this must be done promptly. If you know that organizing updates is a weak point in your organization, then you need to fix this as a priority. Either make sure in-house resources are always available or arrange for an IT managed services vendor to take care of this for you.
Protecting yourself against ransomware
You need to be very aware of the fact that even the best security precautions in the world cannot guarantee you 100% protection against all malware or even against all ransomware. Your Plan B, therefore, is to restore from a data backup, and you need to assume that this will be an off-site data backup, as local data backups are easily compromised if a production system is attacked.
It’s also highly recommended to store sensitive data encrypted, especially if it qualifies as personal data. This won’t stop ransomware but it will stop data theft.