How to get rid of ransomware
Even though ransomware is a relatively new form of malware, it’s already been responsible for some high-profile attacks and generated significant revenue for its creators. This means that you need to be prepared for it. With that in mind, here is a quick explanation of how to get ransomware and how to get rid of ransomware.
How to get ransomware
It’s believed that, at present, all ransomware attacks require some element of social engineering: a user has to be tricked into visiting a compromised website and/or downloading a malicious file. There are types of ransomware for all the main operating systems on both computers (Windows, macOS, and Linux) and mobile devices (Android and iOS).
The different types of ransomware
Currently, ransomware comes in three main forms. These are scareware, lockware, and encryption ransomware. The first two are most prevalent in the consumer world and the last is more prevalent in the business world.
How to deal with scareware
Scareware, as its name suggests, is purely about scare tactics. A user sees an intimidating message on their screen, the aim of which is to trick them into believing that they have to pay to resolve a problem. Rather ironically, it’s very common for the message to say that the victim’s device is infected with malware (which is true) and that the victim has to contact the attacker for IT support to remove it. A much more sensible approach is just to use a robust anti-malware program to scan the device and deal with it.
How to deal with lockware
Lockware is more of a pain as it really does lock your computer. For the most part, however, lockware can be removed by booting into safe mode (with command prompt), restoring the system to an earlier restore point, and then using a robust anti-malware program to scan the device and deal with the infection.
How to deal with encryption ransomware
Dealing with encryption ransomware itself is not particularly difficult. You just use a robust anti-malware program to scan the device and get rid of the infection. If you have a data backup, then you just restore from that. If you don’t, however, then you have a serious problem and you’re going to need a lot of luck on your side to solve it.
There are ransomware identifiers online which can analyze the inevitable ransom note and the sample files which are usually sent with it (to show that the attacker is serious). The reputable ones can generally do a very effective job of advising which form of ransomware was most likely used. They may even be able to tell you whether or not a decryption tool exists for it.
If it does, then hold off the celebrations until you actually test it, as ransomware is so lucrative that its creators can afford to update it regularly precisely to stay ahead of security tools. In short, if you can decrypt your files, you can consider yourself extremely lucky and should do your best to avoid having to bank on your luck again.
How to prevent ransomware
There are two key steps to protecting yourself against ransomware. The first is to invest in a high-quality anti-malware product with an integrated firewall. Ideally, you want a cloud-based product as these can be updated very quickly when new threats emerge. Additionally, the update process is controlled by the vendor, which saves your IT team a job. Using a cloud-based product also lightens the load on the client devices.
The second is to make sure that any device which connects to the internet is promptly updated with all security-related updates and patches. Getting these updates and patches depends on you using operating systems and applications which are still supported by their vendor. This will need to be factored into your decisions regarding hardware (and software) upgrades.
The importance of data backups
Prevention is always better than cure, but knowing there is a cure can be extremely reassuring. At the end of the day, while restoring from a backup may be a hassle you didn’t need, a short loss of productivity is better than a permanent loss of valuable files.
An effective data backup process results in you having three copies of your data, across two different storage media (for example, two separate clouds), with one copy being kept off-site (in a different cloud). This off-site copy is massively important for many reasons, including protecting against ransomware, because any issues in a local system can be “baked into” the local backup before the issue has been identified.
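Two of the points above lend themselves to a small amount of code: the triage an online identifier performs on a ransom note and the files sent with it, and the problem of an infection being “baked into” a backup before anyone notices. The script below is an added example written for this article, not a tool from the original page or from any ransomware-identifier service. It applies a purely local heuristic: a file that has very high byte entropy and is not a known compressed or image container is flagged as probably encrypted, a short low-entropy text file whose name advertises “decrypt” or “recover” is flagged as a probable ransom note, and a backup run is refused when encrypted-looking files have appeared or changed since a manifest taken while the tree was healthy. The note-name pattern, the entropy threshold, the file names and the sample tree are all constructed for this example and are not indicators of any real ransomware family.

```python
"""Local ransomware triage and backup guard (constructed example)."""
import hashlib
import math
import random
import re
import tempfile
from collections import Counter
from pathlib import Path

# Constructed heuristic, not a real family indicator: ransom notes are usually
# short text/HTML files whose names advertise decryption or recovery.
NOTE_NAME_RE = re.compile(r"(decrypt|recover|restore|ransom|readme)", re.I)
NOTE_SUFFIXES = {".txt", ".html", ".hta"}

# Legitimately high-entropy containers that must not be mistaken for ciphertext.
COMPRESSED_MAGIC = (b"\x1f\x8b", b"PK\x03\x04", b"\x89PNG", b"\xff\xd8\xff", b"%PDF")
ENTROPY_THRESHOLD = 7.5  # bits per byte; text and code rarely exceed about 6


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty or single-valued input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    """High entropy AND not a known compressed/image format AND not tiny."""
    if data.startswith(COMPRESSED_MAGIC):
        return False
    return len(data) >= 64 and shannon_entropy(data) >= ENTROPY_THRESHOLD


def looks_like_ransom_note(path: Path, data: bytes) -> bool:
    """Readable text file whose name matches the (constructed) note pattern."""
    return (path.suffix.lower() in NOTE_SUFFIXES
            and bool(NOTE_NAME_RE.search(path.stem))
            and shannon_entropy(data) < ENTROPY_THRESHOLD)


def scan_tree(root: Path) -> dict:
    """Classify every file under root into probable notes and encrypted files."""
    report = {"encrypted": [], "notes": []}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        data = path.read_bytes()
        rel = str(path.relative_to(root))
        if looks_like_ransom_note(path, data):
            report["notes"].append(rel)
        elif looks_encrypted(data):
            report["encrypted"].append(rel)
    return report


def manifest(root: Path) -> dict:
    """Relative path -> SHA-256, recorded while the tree is known to be healthy."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def backup_is_safe(root: Path, healthy: dict, max_suspect: int = 0) -> bool:
    """Refuse the backup if a ransom note is present or if encrypted-looking
    files are new or changed since the healthy manifest. This is the check that
    stops an infection being copied over the last good backup."""
    current = scan_tree(root)
    if current["notes"]:
        return False
    suspect = [rel for rel in current["encrypted"]
               if hashlib.sha256((root / rel).read_bytes()).hexdigest() != healthy.get(rel)]
    return len(suspect) <= max_suspect


def build_sample_tree(root: Path, infected: bool) -> None:
    """Constructed sample data: a plain report, a gzip-like blob, and, when
    infected, an encrypted-looking replacement plus a ransom note."""
    (root / "report.txt").write_text("Quarterly figures: revenue up 4%\n" * 20)
    # gzip magic followed by high-entropy bytes stands in for a real archive
    (root / "archive.gz").write_bytes(b"\x1f\x8b" + bytes(range(256)) * 4)
    if infected:
        (root / "report.txt.locked").write_bytes(random.Random(7).randbytes(4096))
        (root / "report.txt").unlink()
        (root / "HOW_TO_RECOVER_FILES.txt").write_text("Your files are encrypted.\n")


def demo() -> tuple:
    """Returns (scan report after infection, safe before, safe after)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root, infected=False)
        healthy = manifest(root)
        safe_before = backup_is_safe(root, healthy)
        build_sample_tree(root, infected=True)
        return scan_tree(root), safe_before, backup_is_safe(root, healthy)


if __name__ == "__main__":
    report, before, after = demo()
    print(report, "backup safe before:", before, "after:", after)
```

The gzip check matters in practice: compressed archives, images and PDFs have entropy close to ciphertext, so an entropy-only rule floods a backup job with false refusals. Conversely the check is deliberately strict (`max_suspect=0`), because a backup that silently carries one encrypted file is exactly the “baked in” failure the paragraph above warns about; a human should decide whether to raise the threshold.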
Last but not least, sensitive data should be kept encrypted. Personal data must be kept encrypted. This won’t prevent ransomware but it will protect against data theft.