What to do in case of a Ransomware attack

Over the past several weeks we’ve been discussing Ransomware; both what it is and how to prevent it from effecting your systems. This week we’ll be looking at what to do should your system be infected with Ransomware.

If your system does become infected with Ransomware, your first priority should be to keep it from spreading to other systems. Unplug the Ethernet cable, or disable the wireless, just be certain that your system cannot interact with any other computers. It is also advised that you scan any systems it could have interacted with, in particular the server, to be certain that the Ransomware did not try to attack other systems. Sometimes when Ransomware is caught early it can be removed before it encrypts hard drives, so scanning these other systems can prevent further headaches in the future.

Next, it’s best to record as many details about the infection as possible. What does the ransom note demand? Where does it tell you to send the ransom? Things like these are helpful for researchers and antivirus companies, and the more information you can offer them, the better they can protect you in the future. Do you remember what may have triggered the attack? Remember that Ransomware can’t simply appear out of thin air, but can be set to activate after a delay of a few days, so try and consider any suspicious websites you may have visited in the past several days.

Finally, you have to deal with the infected system, and unfortunately your options are few. If your system was indeed infected with true, encrypting Ransomware, the best course of action is to rebuild it. If you have maintained a consistent backup, this will be much simpler, and you’ll be able to keep most of your files. Just in case, however, try basic things like closing all open programs and browsers, as some of the most primitive Ransomware attacks may just threaten that they’ve encrypted your files, when in reality it is just keeping your browser from leaving a threatening looking webpage.

The most important thing is to never pay the ransom. If people regularly and continually pay Ransomware attacks, they will continue being a good source of revenue for attackers and the attacks will continue to be encouraged. Additionally, though they could indeed decrypt your files after you pay the fee, the attackers often do not, leaving you with the bill and a computer you can’t use.

Another resource on building defense against Ransomware, particularly Cryptolocker, can be found here on ESET’s WeLiveSecurity website: 11 Things You Can Do to Protect Against Ransomware This article has many useful tips that we did not get to cover, and even lists additional guides to Ransomware from ESET.

 We at Astria Business Solutions hope this short guide to Ransomware has been useful to you. We will likely cover the topic again further in the future, but for now we will be moving to other topics. If you have a specific topic you'd like to hear about, please feel free to comment below! We appreciate feedback, and hope to improve Astria Horizon as a resource to you.