10 Critical Steps to Take After a Ransomware Attack

RANSOM ATTACKS FOR DUMMIES

Ransomware attacks can leave you without your data, your money, or both. If you’re a victim of a ransomware attack, follow these steps.

Imagine yourself putting the final touches on an important work report when you suddenly lose access to all the files. Or you get an eerie error message asking you to send Bitcoin to decrypt your computer.

No matter what the scenario is, a ransomware attack can be devastating for its victims. Let’s learn more about ransomware and the immediate steps you can take following a ransomware attack.

What Is Ransomware?

Ransomware is a malicious attack that leaves your data locked or encrypted by anonymous cybercriminals. The attackers provide instructions on how to decrypt the files, and the victims can eventually have their files back after paying a hefty “ransom” upfront. Normally the ransom is demanded in cryptocurrency, which is harder to trace.

In some cases, cybercriminals may stage a ransomware attack in advance and execute it later on, so that the actual attack might happen days after the network infiltration.

Steps to Take After Getting Hit by Ransomware

Prevention is the best form of defense when it comes to ransomware. If you or your company does not have robust preventative security measures in place, you can often find yourself in the midst of a ransomware attack.

A ransomware attack can be utterly devastating. But if you act promptly after a ransomware attack, you can mitigate some of the damage.

Here are 10 steps you should take following a ransomware attack.

  1. Stay Calm and Collected

It’s difficult to stay calm and composed when you cannot access important files on your computer. But the first step to take after getting hit by ransomware is to not panic and stay level-headed.

Most people rush into paying the ransom before analyzing the gravity of the situation they are in. Staying calm and taking a step back can sometimes open doors for negotiations with the attacker.

  2. Take a Photo of the Ransomware Note

The second step is to immediately take a picture of the ransomware note on your screen with your smartphone or a camera. If possible, take a screenshot on the affected machine as well.

This will help you in filing a police report and will expedite the process of recovery.

  3. Quarantine Affected Systems

It’s important to isolate the affected systems as soon as possible. Ransomware typically scans the target network trying to take over other systems.

It’s best to disconnect any affected systems from the network to contain the infection and stop the ransomware from spreading.

  4. Look for Decryption Tools

Fortunately, there are many decryption tools available online, in places such as No More Ransom.

If you already know the name of the ransomware strain used, then you can simply plug it into the website and search for the matching decryption tool. The list is not alphabetical, and the site adds new decryption tools to the bottom of the list.

  5. Disable Maintenance Tasks

You should immediately disable automated maintenance tasks, such as temporary file removal and log rotation, on affected systems. This will prevent these tasks from interfering with files that might be useful for forensics and investigation analysis.

  6. Disconnect Backups

Most modern ransomware strains immediately go after backups to thwart recovery efforts.

Thus, it is imperative for you or your organization to secure your backups by severing them from the rest of the network. You should also lock down access to backup systems until after the infection gets removed.

  7. Identify the Attack Variant

To determine the ransomware strain, you can use free services such as Emsisoft’s online ransomware identification tool or ID Ransomware.

These services allow users to upload a sample of the encrypted file, any ransom note left behind, and the attacker’s contact information, if available. The analysis of this information can identify the type of ransomware strain that has impacted the user’s files.
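Before uploading anything, it helps to know which file extension the ransomware appended and which file is the ransom note. The script below is an added example, not part of the original article: it only reads files, and its heuristics (an extra extension after a normal document extension, and the same note file name repeated across folders) plus all file names in the demo are assumptions with constructed sample data.

```python
import hashlib
import tempfile
from collections import Counter
from pathlib import Path

# Assumption: extensions that user documents carried before encryption.
DOC_EXTS = {".docx", ".xlsx", ".pptx", ".pdf", ".jpg", ".png", ".txt"}
NOTE_EXTS = {".txt", ".html", ".hta"}  # assumption: common ransom note formats

def sha256_of(path: Path) -> str:
    """Hash a file read-only so the evidence itself is not modified."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

def triage(root: Path, min_dirs: int = 2) -> dict:
    """Report the likely appended extension, one small sample and note names."""
    appended, samples, note_dirs = Counter(), {}, {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        suffixes = [s.lower() for s in path.suffixes]
        if len(suffixes) >= 2 and suffixes[-2] in DOC_EXTS:
            ext = suffixes[-1]  # e.g. report.docx.locked -> .locked
            appended[ext] += 1
            best = samples.get(ext)
            if best is None or path.stat().st_size < best.stat().st_size:
                samples[ext] = path  # keep the smallest file as the upload sample
        elif suffixes and suffixes[-1] in NOTE_EXTS:
            note_dirs.setdefault(path.name, set()).add(path.parent)
    # Heuristic: a ransom note is dropped under the same name in many folders.
    notes = sorted(n for n, dirs in note_dirs.items() if len(dirs) >= min_dirs)
    result = {"extension": None, "sample": None, "sample_sha256": None, "notes": notes}
    if appended:
        ext = appended.most_common(1)[0][0]
        result.update(extension=ext, sample=samples[ext].relative_to(root).as_posix(),
                      sample_sha256=sha256_of(samples[ext]))
    return result

def demo() -> dict:
    """Run triage over a constructed tree (sample data, not from a real incident)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for folder in ("docs", "pics"):
            (root / folder).mkdir()
            (root / folder / "RESTORE_FILES.txt").write_text("constructed note")
        for name, size in (("docs/report.docx.locked", 64),
                           ("docs/budget.xlsx.locked", 16), ("pics/cat.jpg.locked", 32)):
            (root / name).write_bytes(b"\x00" * size)
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

Record the reported hash alongside the photo of the ransom note so the uploaded sample can later be matched to the file on the affected machine.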

  8. Reset Passwords

Change all online and account passwords once you have disconnected the affected systems from the network.

After the ransomware gets removed, you should once again change all the system passwords.

  9. Report the Ransomware

The moment you notice a ransomware attack, be sure to contact law enforcement.

Ransomware is a crime and should be reported to local law enforcement authorities or the FBI. Even if law enforcement cannot help with getting your files decrypted, they can at least help others avoid a similar fate.

  10. Decide Whether to Pay or Not

Deciding whether to pay the ransom is not an easy decision and comes with its pros and cons. Only pay the ransom if you have exhausted all other options and the loss of data is more damaging to you or your company than paying the ransom.

Sadly, the number of cases where companies have still lost their data after payment was made is higher than the number where the data was returned.

Employ daily backups: Regular data backups are an integral part of a disaster recovery plan. In the event of a ransomware attack, you can recover and access backed-up data. You can always get your original data back by restoring successful backups.

In next week’s cyber blog, we will be covering more useful tips to help mitigate ransomware attacks.
