What to do when you get ransomware
Although ransomware has only been in existence for a relatively short time, it has become a real menace to individuals and businesses. In fact, it is now so widespread that everyone should be alert to the possibility that they could fall victim to a ransomware attack. With this in mind, here is a quick guide to what to do when you get ransomware.
Work out what kind of ransomware has been used in the attack
There are currently three main kinds of ransomware: scareware, lockware, and encryption ransomware. Scareware and lockware are almost identical. Both rely on social-engineering tactics to trick the victim into believing they must pay the attacker to fix whatever problem the ransomware claims to have created.
In reality, scareware can be removed simply by running an anti-malware scan on your computer. Lockware can be removed by booting into safe mode and then running an anti-malware scan or, if that fails, restoring the system to an earlier restore point and then scanning for malware.
Encryption ransomware, however, means exactly what it says. It encrypts files and then sends a ransom note demanding payment for the key to decrypt them. Getting rid of the ransomware itself is usually very straightforward. An anti-malware scan will generally deal with it. The problem is that getting rid of the cause does not resolve the symptom. In other words, getting rid of the ransomware will not decrypt your files. Only the decryption key will do that.
How much trouble encryption ransomware causes you will depend entirely on how well you have prepared for an attack. The bad news is that you can never assume that you are too small, too big, or too anything to be of interest to cyberattackers. The good news is that it costs very little to set yourself up to defeat most encryption ransomware attacks and to survive anything which does get through your defenses.
All sensitive data must be kept encrypted at all times
As a minimum, keep all personally identifiable data encrypted at all times. Ideally, encrypt any data you don’t want other people to read. This will not stop your data from being encrypted again by the ransomware. It will, however, stop the cyberattackers from making use of your data for other purposes, such as selling it or extorting you with it. It also keeps you on the right side of the law, since you will almost certainly have a legal obligation to protect any personal data entrusted to you, and that includes your own employees’ data.
Your data-backup process must be ransomware-proof
Local data backups are very vulnerable to being compromised if your production system is breached. With encryption ransomware attacks, there are two main ways this can happen. The first is that the local backup can be reached directly from the infected device. For example, someone could be logged into a cloud drive or have a storage device connected to their computer. In this case, the ransomware can simply spread to the backup and encrypt it too. The other is that an automated backup job faithfully copies the already-encrypted files into the backup, overwriting the good copies it previously held.
There is possibly no IT-related situation as infuriating as finding out that the backup you thought would protect you from ransomware has itself been compromised by ransomware. The best way to avoid this is to follow the old 3-2-1 rule: keep three copies of your data (encrypted), on two different media, with one copy kept off-site (which, these days, can mean in a separate cloud).
Ideally, you should also keep backups from several points in time, in case it takes you a while to notice the ransomware attack, so that the most recent snapshot is not the only one you have. You can reduce the cost of this by moving older backups into slower, cheaper storage.
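The two backup failure modes above (a sync job that copies already-encrypted files over good copies, and having only one point in time to restore from) can both be addressed in the backup job itself. The following is an added example, not code from the original article or from any vendor: it writes each run into a new time-stamped snapshot instead of overwriting, diverts files that look like ransomware output into a quarantine area for review, and moves snapshots older than a retention window into a "cold" tier standing in for slower storage. The suffix list and the entropy threshold are constructed assumptions for illustration; legitimately compressed or media files also have high entropy, which is why flagged files are quarantined rather than dropped.

```python
"""Versioned backup with a quarantine check and hot/cold tiering (added example)."""
import math
import os
import shutil
import tempfile
from collections import Counter
from datetime import datetime, timedelta
from pathlib import Path

# Constructed sample list of extensions seen on ransomware output; not definitive.
SUSPICIOUS_SUFFIXES = {".locked", ".encrypted", ".crypt"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off, random data approaches 8.0
SAMPLE_BYTES = 65536      # only the first 64 KiB of a file is examined


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data`; 0.0 for a single repeated byte, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path) -> bool:
    """Heuristic: ransomware-style suffix, or near-random content in a non-trivial file."""
    if path.suffix.lower() in SUSPICIOUS_SUFFIXES:
        return True
    sample = path.read_bytes()[:SAMPLE_BYTES]
    return len(sample) >= 256 and shannon_entropy(sample) > ENTROPY_THRESHOLD


def snapshot(source: Path, backup_root: Path, when: datetime) -> dict:
    """Copy `source` into a fresh time-stamped snapshot under backup_root/hot.

    Files that look encrypted go to backup_root/quarantine/<stamp> instead, so an
    infected run can never overwrite a known-good copy held in an earlier snapshot.
    Returns {'copied': [...], 'quarantined': [...]} with source-relative paths.
    """
    stamp = when.strftime("%Y%m%dT%H%M%S")
    snap_dir = backup_root / "hot" / stamp
    quar_dir = backup_root / "quarantine" / stamp
    report = {"copied": [], "quarantined": []}
    for f in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = f.relative_to(source)
        if looks_encrypted(f):
            dest, bucket = quar_dir / rel, "quarantined"
        else:
            dest, bucket = snap_dir / rel, "copied"
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(f, dest)          # preserves timestamps for later forensics
        report[bucket].append(str(rel))
    return report


def tier_snapshots(backup_root: Path, now: datetime, hot_days: int = 7) -> list:
    """Move snapshots older than `hot_days` from 'hot' to 'cold' (slower storage).

    Older time points are kept, not deleted; they only become cheaper to hold.
    Returns the names of the snapshots moved.
    """
    hot, cold = backup_root / "hot", backup_root / "cold"
    cold.mkdir(parents=True, exist_ok=True)
    moved = []
    for snap in (sorted(hot.iterdir()) if hot.exists() else []):
        taken = datetime.strptime(snap.name, "%Y%m%dT%H%M%S")
        if now - taken > timedelta(days=hot_days):
            shutil.move(str(snap), str(cold / snap.name))
            moved.append(snap.name)
    return moved


def demo() -> dict:
    """Run the whole flow on a constructed sample tree in a temporary directory."""
    root = Path(tempfile.mkdtemp(prefix="rw-demo-"))
    src, backups = root / "docs", root / "backups"
    src.mkdir()
    (src / "report.txt").write_text("quarterly figures\n" * 40)   # ordinary text
    (src / "notes.txt.locked").write_bytes(os.urandom(4096))      # ransomware-style suffix
    (src / "blob.bin").write_bytes(os.urandom(4096))              # high entropy, no suffix
    first = snapshot(src, backups, datetime(2024, 1, 1, 12, 0, 0))
    second = snapshot(src, backups, datetime(2024, 1, 10, 12, 0, 0))
    moved = tier_snapshots(backups, datetime(2024, 1, 10, 12, 0, 0))
    return {"first": first, "second": second, "moved": moved}


if __name__ == "__main__":
    print(demo())
```

Run as a script, `demo()` shows the ordinary file landing in each snapshot, the two suspicious files diverted to quarantine, and the older of the two snapshots moved to the cold tier. In a real deployment the quarantine report is the signal to stop the job and investigate, which is the moment that decides whether the earlier snapshots stay usable.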
Defending against ransomware attacks
Your main game plan should always be to stop ransomware from getting into your system in the first place. This means that you need a robust anti-malware program with an integrated firewall. It is very risky to rely on the default security apps provided with the major operating systems. The reason for this is that the companies behind them are not cybersecurity specialists and hence can’t be expected to create apps of the same quality as companies that are totally dedicated to cybersecurity.
You also need to commit to ensuring that updates are promptly applied to your operating systems and any locally installed apps you use (cloud-based apps will be updated by their vendor). This is non-negotiable, so if you know it is a weak point in your organization, you either need to arrange in-house resources or have a managed IT services vendor take care of it for you.