What to do if you think you’ve been infected by ransomware

21 Oct, 2022

If you are infected by ransomware, your first step is to deal with the infection to stop the situation from getting any worse. What action you take after that will depend on the form of ransomware used in the attack. You can minimize your chances of being infected by ransomware by implementing effective IT security and you can reduce the impact of a successful ransomware attack by storing your data appropriately. Here is what you need to know.

What to do if you think you’ve been infected by ransomware

It’s usually fairly easy to tell that your files have been encrypted by ransomware. Your computer will display a message which includes a demand for direct payment, usually to a given email address. If you see a message of this nature, your first response should be to try to install a reputable anti-malware program and have it scan your computer.

If you can’t install an anti-malware program, then boot into safe mode (with networking in Windows) and see if this allows you to install one. If not, try booting into safe mode (with command prompt in Windows) and restore to a previous time point. Then install a reputable anti-malware program and have it scan your computer to confirm that it is completely clean.

The importance of the ransom note

Resist any temptation to delete the ransom note until you’ve completely resolved all issues connected with the ransomware attack. It can give important clues as to what actions you need to take.

If the ransom note references anything other than encrypted files, then you have scareware or lockware. In this case, you can simply move on. Scareware and lockware are both pure scams. They will not actually damage your systems (or data). If it references encrypted files, then it is probably encryption ransomware. This is the form of ransomware which businesses hate because it really does encrypt your files. There is, however, a possibility that you have scareware that presents itself as encryption ransomware.

In this case, you have a couple of options. The safest option is just to restore from a data backup you know to be clean. An alternative, however, would be to scan the files to see if you can identify any which are encrypted but shouldn’t be or any which show evidence of unexplained or unusual changes before deciding whether or not you need to restore from a backup.
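One way to run the file scan described above, as an added example that is not part of the original article: it flags files whose first bytes no longer match their extension and text files that now look like random data. The extension lists, the 7.5 bits-per-byte threshold and the function names are assumptions of this example.

```python
import math
import os
import sys
from collections import Counter

# Well-known leading bytes for a few common document formats.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".zip": b"PK\x03\x04"}
TEXT_EXTS = {".txt", ".csv", ".log", ".xml", ".json", ".html"}
ENTROPY_LIMIT = 7.5  # assumed cut-off; encrypted data sits close to 8 bits/byte

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def assess(name: str, head: bytes) -> str:
    """Classify a file from its extension and its first bytes."""
    ext = os.path.splitext(name)[1].lower()
    if ext in MAGIC:
        if head.startswith(MAGIC[ext]):
            return "ok"
        return "suspect: header does not match extension"
    if entropy(head) > ENTROPY_LIMIT:
        if ext in TEXT_EXTS:
            return "suspect: text file looks like random data"
        return "review: high entropy, may be compressed or encrypted"
    return "ok"

def scan(root: str, sample: int = 65536):
    """Yield (path, verdict) for every readable file under root that is not ok."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    verdict = assess(name, fh.read(sample))
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if verdict != "ok":
                yield path, verdict

if __name__ == "__main__":
    for path, verdict in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict}\t{path}")
```

A "review" verdict is not proof of encryption, because legitimately compressed formats (archives, video) are also high in entropy. A "suspect" verdict on documents that used to open normally is the stronger sign that a restore from backup is needed.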

If you discover that you have encryption ransomware and you don’t have a backup, then the ransom note may allow you to identify the exact form of ransomware used in the attack (usually with the help of a ransomware identifier). You could then look to see if there was a decryption tool for it. Please be aware, however, that in this situation, you are really banking on your luck. Not only do you need to try to find a tool that works, but you also need to avoid malware disguised as ransomware decryption tools.

Protecting yourself from a ransomware attack

Although prevention is far better than cure, you need to be realistic about the fact that even the best defenses can never guarantee 100% protection.

This means that you need to work on the assumption that you’re going to fall victim to ransomware attacks some of the time and, hence, need to take steps to minimize the damage.

At this point, the main concern with ransomware is that it will be partnered with data theft. Ransomware itself does not steal data, but if an attacker can get access to your internal systems, then they can view (and copy) any data which is left in the clear. The way to protect yourself against this is to ensure that sensitive data is stored encrypted.

After this, your next concern is to ensure that you maintain access to your data in the event of a ransomware attack. The way to do this is to take steps to ensure that your data-backup strategy is ransomware-proof.

This means that you need a self-contained off-site backup (i.e. one which is physically and logically separate from your main system). You should scan all files before backing them up to ensure they are healthy and, ideally, you should keep backups from different time-points, in case you are infiltrated by slow-acting ransomware. If you’re in the cloud, you can reduce the cost of this by moving older backups to slower storage.

Preventing a ransomware attack

The best way to prevent a ransomware attack is to combine effective everyday maintenance (like updating operating systems and applications) with a robust anti-malware product from a reputable cybersecurity company.
