What to do if infected with ransomware
The sad reality is that ransomware is now such a widespread threat that most people are probably going to have to deal with it at some point. With that in mind, here is a quick guide on what to do if infected with ransomware.
Work out what family of ransomware was used in the attack
Ransomware is generally classified into three main groups: scareware, lockware, and encryption ransomware. You could argue that it’s really just two, since scareware and lockware both work mainly by using social engineering to frighten the victim into submission.
Scareware does nothing more than display a frightening message. All you have to do is have an anti-malware program scan the device and follow its instructions. Lockware really does lock computers, but it is generally easily bypassed by booting into safe mode. You can then either scan for the malware directly or restore the system to an earlier restore point and then scan for malware.
Encryption ransomware, however, is much more technically sophisticated (and may also deploy social-engineering tactics to great effect). It encrypts files and then sends a ransom note (usually with a sample of the files) to try to force the victim to pay to get them back. Getting rid of the encryption ransomware itself is usually easy enough; a malware scan will generally find it. The problem is that removing the malware does not undo its consequences. In other words, your files will still be encrypted.
The only guaranteed cure for encryption ransomware is proper data storage
You should certainly do your absolute level best to stop any form of ransomware from getting into your system in the first place, but these days you also have to be prepared for the worst. In the case of encryption ransomware, the two big threats are data theft and data loss.
Protecting against data theft
If you store data in the clear, then anyone who can reach it can read it. This means that cyberattackers who gain access to your system can not only charge you a ransom to regain access to your own data but can also keep a copy of it for themselves or sell it on the black market. Alternatively, if you refuse to pay the ransom, they can either make their money from the data they stole or expose your data publicly to create trouble for you and intimidate future victims.
The solution to this is to store data encrypted (or at least to store sensitive data encrypted). For completeness, this will not stop the ransomware from encrypting the data again. It will, however, mean that the cyberattackers are also blocked from reading your data.
Protecting against data loss
Even with the best protections in place, local data backups are very vulnerable to compromise if the production system comes under attack. This is particularly true of ransomware attacks, because automated backups will often simply copy the ransomware-encrypted files into the local backup, overwriting any healthy copies that were already there.
You therefore need an off-site data backup as well. If you’re in the cloud, this means a separate cloud. Ideally, you’ll also be able to recover to different points in time. If your backup software can’t manage this, see if you can arrange it manually. Keeping multiple backups gets expensive if you hold them all in fast storage; if you put them into slow storage, it becomes far more feasible, especially compared to the alternative.
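The two points above, backups that never overwrite the healthy copy and the ability to recover to a chosen point in time, can be seen in a small script. This is an added example written for this page, not code from the article or from Comodo. It assumes a local directory stands in for the off-site (slow) storage target, and it uses a byte-entropy heuristic as a simple signal that a tree has been mass-encrypted before it is pushed into the backup; that heuristic and its thresholds are the author's assumption, not something the article prescribes.

```python
"""Write-once, point-in-time backup snapshots with a pre-snapshot sanity check.

Added example, not the article's code. Assumptions:
  - `src` is the production data tree; `backup_root` stands in for
    off-site / slow storage (in practice a separate cloud or bucket).
  - A file whose first 4 KiB has Shannon entropy >= 7.5 bits/byte is
    treated as "looks encrypted" (constructed heuristic, not from the page).
"""
import math
import os
import shutil
import time
from collections import Counter
from pathlib import Path
from typing import List, Optional


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of `data`: plain text sits well below 8, ciphertext near 8."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def suspicious_fraction(src: Path, threshold: float = 7.5) -> float:
    """Fraction of regular files under `src` whose leading bytes look encrypted."""
    files = [p for p in src.rglob("*") if p.is_file()]
    if not files:
        return 0.0
    flagged = sum(
        1 for p in files if shannon_entropy(p.read_bytes()[:4096]) >= threshold
    )
    return flagged / len(files)


def take_snapshot(
    src: Path,
    backup_root: Path,
    keep: int = 7,
    max_suspicious: float = 0.5,
    stamp: Optional[str] = None,
) -> Optional[Path]:
    """Copy `src` into a new timestamped directory under `backup_root`.

    Refuses (returns None) when more than `max_suspicious` of the files look
    encrypted, so a freshly ransomed tree is not pushed over healthy copies.
    Snapshots are write-once: copytree raises if the directory already
    exists. Only the oldest snapshots beyond `keep` are pruned, so the
    snapshot just written is never the one removed.
    """
    if suspicious_fraction(src) > max_suspicious:
        return None
    stamp = stamp or time.strftime("%Y%m%dT%H%M%S")
    dest = backup_root / stamp
    shutil.copytree(src, dest)  # FileExistsError if a snapshot with this stamp exists
    snapshots = sorted(p for p in backup_root.iterdir() if p.is_dir())
    for old in snapshots[:-keep]:
        shutil.rmtree(old)
    return dest


def list_snapshots(backup_root: Path) -> List[str]:
    """Snapshot names in chronological order (timestamps sort lexically)."""
    return sorted(p.name for p in backup_root.iterdir() if p.is_dir())


def restore(backup_root: Path, stamp: str, target: Path) -> Path:
    """Recover the chosen point in time into `target` (which must not exist yet)."""
    shutil.copytree(backup_root / stamp, target)
    return target


if __name__ == "__main__":
    # Constructed demo data: a healthy tree, then the same tree after
    # being overwritten with random bytes to stand in for ransomware output.
    work = Path("backup_demo")
    src, bk = work / "data", work / "offsite"
    src.mkdir(parents=True, exist_ok=True)
    bk.mkdir(parents=True, exist_ok=True)
    (src / "notes.txt").write_text("quarterly figures " * 200)
    print("snapshot:", take_snapshot(src, bk, keep=3))
    (src / "notes.txt").write_bytes(os.urandom(4096))
    print("refused after mass encryption:", take_snapshot(src, bk, keep=3) is None)
    print("recoverable points:", list_snapshots(bk))
```

The refusal check is a tripwire, not a guarantee: a mass-encryption event that changes only a minority of files, or malware that leaves headers intact, will pass it, which is why the retention of several older snapshots matters more than the heuristic. The script runs on a local directory; the same write-once and prune-oldest-only pattern is what object-storage versioning or a separate cloud account gives you at scale.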
Defending yourself against ransomware infections
It is very risky to rely purely on the free security apps bundled with the main operating systems. None of the companies behind them are cyber security companies, so they cannot be expected to have the same level of expertise as companies that actually specialize in cyber security. What’s more, you can get reputable consumer-grade anti-malware products for free and there are even solid business-grade products available at very little cost.
Additionally, you need to be scrupulous about only using live operating systems and applications (i.e. ones that are still supported by their developers) and about applying any security-related updates as quickly as possible: ideally within a day or two, and at most within a week.
Bluntly, unless you make the resources available to apply these updates, you’re leaving a wide-open door to cyberattackers, who will make the time to come up with a way to exploit the vulnerabilities those updates fix. Either dedicate in-house resources specifically to applying updates as they are released or get a managed IT services provider to take care of this task for you.
Please click here now to start your free 30-day trial of Comodo AEP.