How to deal with ransomware encrypted files
Coming into work to discover that you’ve been a victim of a ransomware attack may be the ultimate example of a bad day. It is, however, a fact of life for many companies. With that in mind, here is a quick guide on how to deal with ransomware encrypted files (assuming you don’t have a backup).
Never pay the ransom
Here is what you don’t do: you don’t pay the ransom. This is more than a matter of morals; it’s a matter of practicality. There is no guarantee whatsoever that you will get your files back. In fact, some forms of ransomware are known to be impossible to decrypt, meaning that paying cannot get your files back at all.
Use a ransomware analyzer tool to identify the form of ransomware used
The inevitable ransom note will generally come with a sample of encrypted files to show that the attacker means business. These can be analyzed by ransomware-identifier tools, which take their best guess as to which form of ransomware is most likely to have been used. Some of these tools will then tell you whether a decryption tool exists for that family; otherwise you can check for one online yourself.
Be very aware, however, that you will need a bit of luck on your side. The fact that ransomware is so lucrative means that the cybercriminals behind it have means as well as the motive to keep updating their software so that security tools are rendered obsolete as quickly as possible.
If you have a proper data backup strategy in place you won’t need to worry about decryption
Obviously, you want to avoid being attacked by ransomware in the first place. If, however, you do wind up with a ransomware infection, your pain can be greatly reduced if you can just restore from a data backup instead of having to cross your fingers and hope that you can find a decryption tool.
In the context of dealing with ransomware encrypted files, the key point to note is that automatic data backups to local systems will generally just copy the encrypted files into your backup environment, potentially overwriting healthy copies in the process. This is one of the many reasons why it’s important to have a second data backup stored offsite and to check files carefully before transferring them to it.
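The two safeguards in the paragraph above (check files before they reach the offsite copy, and never let a bad copy overwrite a good one) can be built into the sync step itself. The script below is an added example, not code from the original article or from any vendor product: it uses a byte-entropy heuristic to spot files that look encrypted, refuses the whole sync when more than a constructed 10% threshold of the source looks that way (mass encryption is the ransomware signature), and keeps the previous backup copy as a numbered version instead of overwriting it. The entropy threshold, the size floor, the list of "high-entropy by design" file types and the sample files in `demo()` are all assumptions chosen for illustration.

```python
"""Guarded backup sync (added example): refuse to push likely-encrypted files into
the backup set, and never overwrite a previous backup copy in place."""
import filecmp
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

# Assumed tuning values, not taken from the article.
COMPRESSED_TYPES = {".zip", ".gz", ".7z", ".rar", ".png", ".jpg", ".jpeg", ".mp4", ".pdf", ".docx", ".xlsx"}
ENTROPY_THRESHOLD = 7.5          # bits per byte; encrypted/random data approaches 8.0
MIN_SIZE = 256                   # tiny files give noisy entropy estimates; skip them
MAX_SUSPICIOUS_FRACTION = 0.10   # abort the sync if more than 10% of files look encrypted


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path) -> bool:
    """Heuristic: a file that is not compressed/encrypted by design, yet whose first 64 KiB is near-random."""
    if path.suffix.lower() in COMPRESSED_TYPES or path.stat().st_size < MIN_SIZE:
        return False
    with path.open("rb") as fh:
        sample = fh.read(65536)
    return shannon_entropy(sample) >= ENTROPY_THRESHOLD


def assess_source(src: Path) -> dict:
    """Count how many files in the source tree look encrypted."""
    files = [p for p in src.rglob("*") if p.is_file()]
    suspicious = [p.relative_to(src) for p in files if looks_encrypted(p)]
    fraction = len(suspicious) / len(files) if files else 0.0
    return {"total": len(files), "suspicious": suspicious, "fraction": fraction}


def versioned_copy(src_file: Path, dst_file: Path) -> str:
    """Copy src_file to dst_file; an existing, differing backup copy is renamed to .vN first, never overwritten."""
    dst_file.parent.mkdir(parents=True, exist_ok=True)
    if dst_file.exists():
        if filecmp.cmp(src_file, dst_file, shallow=False):
            return "unchanged"
        n = 1
        while dst_file.with_name(f"{dst_file.name}.v{n}").exists():
            n += 1
        dst_file.rename(dst_file.with_name(f"{dst_file.name}.v{n}"))
        shutil.copy2(src_file, dst_file)
        return "versioned"
    shutil.copy2(src_file, dst_file)
    return "new"


def guarded_sync(src: Path, dst: Path) -> dict:
    """Sync src into dst only if the source does not look mass-encrypted."""
    report = assess_source(src)
    if report["fraction"] > MAX_SUSPICIOUS_FRACTION:
        report.update(status="refused", copied=0)
        return report
    copied = 0
    for p in src.rglob("*"):
        if p.is_file() and versioned_copy(p, dst / p.relative_to(src)) != "unchanged":
            copied += 1
    report.update(status="ok", copied=copied)
    return report


def demo() -> dict:
    """Constructed scenario in temporary directories: a clean sync, a legitimate edit, then simulated mass encryption."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "src"), Path(tmp, "backup")
        src.mkdir()
        for name in ("report.txt", "notes.txt", "ledger.csv"):
            (src / name).write_text(f"{name}: ordinary text content\n" * 40)
        first = guarded_sync(src, dst)
        (src / "notes.txt").write_text("revised notes\n" * 40)   # a normal edit by a user
        second = guarded_sync(src, dst)
        kept_old_version = (dst / "notes.txt.v1").exists()
        # Simulate what ransomware leaves behind: every file replaced by random bytes (constructed, not a real sample).
        for p in src.iterdir():
            p.write_bytes(os.urandom(4096))
        third = guarded_sync(src, dst)
        backup_still_clean = (dst / "report.txt").read_text().startswith("report.txt:")
    return {"first": first["status"], "first_copied": first["copied"], "second_copied": second["copied"],
            "kept_old_version": kept_old_version, "third": third["status"], "backup_still_clean": backup_still_clean}


if __name__ == "__main__":
    print(demo())
```

The entropy test is deliberately conservative: compressed and media formats are skipped because they are high-entropy anyway, and a single odd file does not stop the sync. What does stop it is the pattern the article warns about, a large share of the source tree turning to noise at once, which is exactly when an automatic backup would otherwise bury the last good copies.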
While this may require extra effort to implement, especially if you are working in the public cloud, the effort is well worth taking. Not only will it give you added protection against data loss, including from ransomware attacks, but it will lay the foundation for a complete business-continuity/disaster-recovery solution.
Effective IT security will go a long way towards stopping ransomware attacks
It does have to be said that no security system can ever guarantee 100% protection, but it can get you pretty close and do a lot to reduce the likelihood that you will need to go through the hassle of restoring from data backup after a ransomware attack.
Your first line of defense is an anti-malware product with a firewall
You can actually get an anti-malware product and a separate firewall but these days there is hardly ever a reason to do so. If you buy a product from a reputable vendor it will perform both functions just as well as separate products, plus it will usually be more cost-effective and simpler to configure.
At this point, cloud-based anti-malware products are generally the best option for two reasons. Firstly, they can be updated more quickly as the updates go live as soon as they are deployed on the server. Secondly, they reduce the burden on the local device.
It is vital to keep your operating system and applications updated
In simple terms, any device which is connected to the internet should use an operating system and applications which are still maintained by the developer and all security-related updates should be applied promptly, if possible as soon as they are released. If you must keep older operating systems or applications running, then you should aim to keep them offline.
Security takes priority over user convenience, so if updates need to be applied during the daytime, with the result that the network becomes congested and/or users are required to reboot their computers, then so be it. Alternatively, you can arrange for a managed IT services company to take care of your updates for you and ask them to do so either out of hours or at a time when your network is quiet.
Please click here now to start your free 30-day trial of Xcitium AEP.