How to remove ransomware
Ransomware comes in three main forms. These are scareware, lockware (screen lockers), and encryption ransomware. Scareware and lockware are mainly consumer-facing threats and tend to be fairly easy to remove. Encryption ransomware is more of a challenge. The problem with it is that you can remove the source of the problem but still be stuck with encrypted files. That said, here is what you should try.
Disconnect your computer from the internet. If you are lucky, this could make your life a lot easier. Breaking the contact between the installed program and the person behind it could leave the program sitting idle, waiting indefinitely for instructions.
Use another device to download a reputable security program, then install and run it. First of all, make sure you only ever use a security program from a reputable supplier like Xcitium. A lot of “security programs” on the internet are actually malware. Secondly, make sure that you use a clean device to make the transfer. It doesn’t have to be brand new and still in its wrapping, but you do have to be confident that you are not going to introduce any new problems. Thirdly, when your program identifies problem files, make sure you delete them permanently.
If you can’t get access to your computer to install the program, try booting into safe mode with command prompt (press F8 during the initial boot sequence), type rstrui.exe, and hit enter. Restore to a date before you were infected and then follow the steps above.
Retrieving your files
As previously mentioned, the above steps will, hopefully, remove the ransomware itself (if not, you may well just have to wipe your hard drive and start again). They will not decrypt your files. If you have backed them up properly, then your easiest option is usually just to recover from your backup. If you haven’t, then you might be able to solve the problem by looking on the internet for a decryption tool built for that specific type of ransomware. The key word here is specific. Sadly, you cannot just buy an all-round decryption tool for all ransomware.
If neither of these is possible, then realistically you just have to grit your teeth and accept your loss. Paying the ransom will not guarantee that you will get your files back. It will just mark you out as someone who will cave under pressure. Take the loss as a lesson in the importance of having both robust security practices and effective data backup processes.
Prevention is much better than cure
When it comes to malware in general and ransomware in particular, prevention is much better than cure. This means you want a robust anti-malware product with an email scanner and a firewall (or three separate products just as long as all functions are covered effectively).
You also need to ensure that all your operating systems and apps are updated promptly. It is impossible to overstate how important this is. Popular entertainment may love to portray cybercriminals as evil geniuses, but the truth is a lot more mundane. The simple fact is that a very large percentage of cybercriminals simply take advantage of the fact that many businesses still fail to run their security effectively, and that updates are a weak point for many companies.
In short, you either need to run your security effectively using your in-house resources or you need to get a managed IT security company to run it for you. Both of these options are less painful and less expensive than falling victim to malware, especially ransomware.
It’s very much advisable to supplement these with robust policies about how your IT systems are to be used. For example, you will need to think about whether or not to allow personal use of the internet/email and, if so, to what extent.
If you have mobile workers, you’ll need to think about how they will access your network when they are on the move. A VPN is the obvious suggestion, but another possibility would be to mandate that they only connect via their mobile data or a paid WiFi connection, not free WiFi. This could be a good option for users who only travel occasionally, especially if they’re not particularly tech-capable.
Last but not least, remember to protect your hardware as well as your network. For example, block off your USB ports so staff cannot use unauthorized devices, even in innocence.
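As an added example (not code from the original article or from Xcitium), the following PowerShell script blocks USB mass-storage devices on a Windows endpoint by disabling the USBSTOR driver service and setting the "All Removable Storage classes: Deny all access" policy value, and then reports whether the block is in effect. It assumes it is run in an elevated session; the function and parameter names are my own.

```powershell
# Added example: block USB mass storage on a Windows endpoint.
# Requires an elevated (Administrator) PowerShell session.

$UsbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'

function Set-UsbStorageBlock {
    param([Parameter(Mandatory)][ValidateSet('Block', 'Allow')][string]$Mode)

    # Fail early if not elevated; HKLM writes below need admin rights.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # USBSTOR Start: 3 = load on demand (default), 4 = disabled.
    $startValue = if ($Mode -eq 'Block') { 4 } else { 3 }
    Set-ItemProperty -Path $UsbStorKey -Name 'Start' -Value $startValue -Type DWord

    # Policy-backed block for all removable storage classes (Deny_All = 1).
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    $denyValue = if ($Mode -eq 'Block') { 1 } else { 0 }
    Set-ItemProperty -Path $PolicyKey -Name 'Deny_All' -Value $denyValue -Type DWord

    Write-Host "USB storage mode set to: $Mode (reboot or replug devices to apply fully)"
}

function Test-UsbStorageBlocked {
    # Returns $true only when both the driver and the policy block are in place.
    $start = (Get-ItemProperty -Path $UsbStorKey -Name 'Start' -ErrorAction SilentlyContinue).Start
    $deny  = (Get-ItemProperty -Path $PolicyKey -Name 'Deny_All' -ErrorAction SilentlyContinue).Deny_All
    return ($start -eq 4 -and $deny -eq 1)
}

# Usage: apply the block, then verify it.
Set-UsbStorageBlock -Mode 'Block'
if (Test-UsbStorageBlocked) { Write-Host 'USB mass storage is blocked.' }
else { Write-Warning 'USB mass storage block is incomplete; check the registry values above.' }
```

On a domain, prefer setting the same policy through Group Policy so the block is enforced centrally and survives local edits.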