What you need to know about antivirus ransomware removal
A robust antivirus can remove a ransomware infection, but it will not necessarily be able to undo any damage the infection has already caused. Because of this, you need to have a strategy for preventing as many ransomware attacks as possible and protecting yourself from them if they do occur. Here is what you need to know.
The basics of ransomware
You’ll know you have a form of ransomware if your computer (or mobile device) displays a message demanding that you make a direct payment to someone and giving instructions on how to make that payment. At this point it doesn’t really matter which specific form of ransomware you have; the next steps are the same.
Step one is to see if you can install a reputable antivirus and have it scan your computer. If you can, the problem was either scareware or encryption ransomware. If the ransom note referenced anything other than encrypted files, it was scareware. If it referenced encrypted files, then it was either genuine encryption ransomware or scareware presenting itself as encryption ransomware. Scan your files to see if any of them have undergone unauthorized encryption. If none have, you had scareware; if some have, you had genuine encryption ransomware.
If your computer is frozen so that you can’t install an anti-malware program, then you have lockware. Boot into safe mode and see whether that lets you install an anti-malware program. If not, restore the system to an earlier restore point. Then install an anti-malware program and have it scan your computer, just to be on the safe side.
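The "scan your files for unauthorized encryption" check above can be automated with an entropy heuristic. The script below is an added example, not code from the original article or from any vendor it mentions: it reads the first 64 KiB of each file under a directory and flags files whose bytes are near-random and that do not start with the magic bytes of a known compressed format (which are legitimately high-entropy). The threshold, sample size and magic-byte list are my assumptions.

```python
import math
import sys
from pathlib import Path

# Formats that are legitimately near-random (compressed containers); skipping
# them cuts false positives. Threshold and sample size are chosen assumptions.
COMPRESSED_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"\x89PNG", b"\xff\xd8\xff",
                    b"%PDF", b"7z\xbc\xaf", b"Rar!")
ENTROPY_THRESHOLD = 7.5   # bits per byte; ciphertext approaches 8.0
SAMPLE_SIZE = 64 * 1024   # only the first 64 KiB of each file is examined

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)

def looks_encrypted(data: bytes) -> bool:
    """True when the sample is near-random and not a known compressed type."""
    if len(data) < 256:                 # too little data for a stable estimate
        return False
    if data.startswith(COMPRESSED_MAGIC):
        return False
    return shannon_entropy(data) >= ENTROPY_THRESHOLD

def scan_directory(root: str) -> list:
    """Return paths under root whose leading bytes look like ciphertext."""
    suspicious = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            with open(path, "rb") as fh:
                head = fh.read(SAMPLE_SIZE)
        except OSError:                 # unreadable file: skip, do not crash
            continue
        if looks_encrypted(head):
            suspicious.append(str(path))
    return suspicious

if __name__ == "__main__":
    # Usage: python scan.py /path/to/documents
    for hit in scan_directory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("possible encrypted file:", hit)
```

A hit is evidence, not proof: a document that opened fine yesterday and now reads as random bytes is the telling sign, so compare hits against a known-good backup before concluding the files were encrypted.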
The issue of encryption
Removing ransomware itself is generally very straightforward. The problem is that this does not undo any damage it has already caused. Neither scareware nor lockware has any technical impact on your computer (or mobile device) or your data. Encryption ransomware, however, really does encrypt your data, and removing the infection does not decrypt it. Only the decryption key will do that. This means that either you have a data backup or you are in big trouble.
If your production system is compromised, then it is only too likely that any local data backup will be too. This is particularly likely if you have an automated system for backing up your data. This is one of the reasons that you also need an off-site data backup which is physically and logically separate from your main system. Ideally, this should hold data backups from different time points as encryption ransomware is increasingly being designed to lie dormant for a while and/or work slowly to increase the chance that it will be able to infiltrate an off-site data backup.
Rather ironically, encryption can actually be a useful tool in protecting your organization. One of the major issues with ransomware is that it can be partnered with data theft, but that theft only matters if your data is stored in the clear. If it is encrypted, it only has ransom value, and if you have a ransomware-proof data backup, then it doesn’t even have that.
It’s also worth noting that most organizations store some personally identifiable data, if only about their own employees. Personally identifiable data generally has some level of legal protection. This means that if it is stolen, via a ransomware attack or by any other means, law enforcement and regulators may take action against the company that was charged with protecting it, while the data thieves often go free. Encryption can protect against this.
Preventing ransomware attacks
Ransomware is becoming increasingly sophisticated (even more so than most forms of malware). This means that you need to be realistic about, and prepared for, the possibility that it will get past your defenses. That said, you should still put up as many defenses as you can and stop as much of it as possible.
Your first line of defense is basic IT hygiene. In particular, you should make it a point of principle to stick with operating systems and applications that are still supported by their developers. This means they will still receive security updates, and you should apply these promptly. If you’re using Linux, then you need to keep track of current security threats and their fixes and be prepared to develop them yourself if necessary.
Your second line of defense is a robust anti-malware program. For most organizations (and individuals), the best option is a cloud-based, all-in-one solution that, at the very least, has an anti-malware scanner and a firewall. Using a cloud-based option means that the vendor takes care of all the updates (which will be frequent) and using an all-in-one solution gives you everything you need right “out of the box”.
Please click now to start your free 30-day trial of Xcitium AEP.