In-depth

If you've been hit by ransomware do this first

When Wannacry hit NHS computers (as well as many other organisations around the world) a few weeks ago, it showed us just how bad the threat of ransomware is.

According to a white paper published by Kaspersky (titled The Ransomware Revolution), in 2016 attacks on business increased three-fold between January and the end of September: the difference between an attack every two minutes and one every 40 seconds. Ransomware has also become more sophisticated and diverse.

Advertisement - Article continues below

If you have become a victim of ransomware, here is what you should do first.

Remove the computer from the network

If the computer is part of a network, remove it from the network either by pulling out the Ethernet cable, or switching off wireless functionality (if you have a physical wireless switch).

Don't pay the ransom

If your PC has been hit by ransomware, do not pay the ransomware, there is very little evidence that hackers will decrypt your computer once the ransom has been paid. According to Kaspersky (download whitepaper here) TeslaCrypt was shut down when the master key to decrypt files was released, apparently by the malware actors themselves. Around 3,500 keys for the Chimera ransomware were release in July 2016 by someone claiming to be behind the Petya/Mischa ransomware.

Advertisement
Advertisement - Article continues below

Another thing to consider here is that if you give a hacker credit card data, they will most likely use this information to commit further fraud. If they do provide an unlock file, this may well infect your PC with further malware.

Advertisement - Article continues below

If you are an individual user, it would be worth contacting someone who is an IT expert to help. If you are business, contact the police to provide as much evidence as possible.

Restore from a backup

If you have kept backups of data, it would be a good time to dig out the last good backup and restore from this. This will not retrieve all your data but will keep data to as much of a minimum as possible. Also, make sure you have external backup; any system restore images on the same drive may well also be locked up by criminals.

Format and reinstall your operating system before you restore your backups from a clean source.

Boot into safe mode to disinfect

When you have restored your computer, always boot into safe mode and run a deep scan with antivirus product, other malware may still reside on your hardware.

Advertisement - Article continues below

If the ransomware has blocked access to your PC, you can use Kaspersky WindowsUnlocker, run from a USB key to clean up a ransomware infected registry and gain access back.

Unlocking the files

Luckily for some victims (and unlucky for criminals), some encryption keys use in ransomware can be cracked. Many IT security firms have had success in finding the keys for locked files. It may be a good idea to look at the websites of legitimate IT security companies to see if any decryption software exists for the strain of ransomware on your PC.

Precautions

Prevention is better than cure, the adage says, so there are a few provisions you can take to ensure you never become a victim of ransomware. 

  • Always keep a backup off-site. If you have cloud storage, use this as well.

  • Don't enable macros in documents attached in emails.

  • Use a Microsoft Viewer instead of opening a document in the full application.

  • Never open an unsolicited attachment.

  • Log in as a guest rather than an administrator.

  • Always update software.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/business/business-operations/356395/nvidia-overtakes-intel-as-most-valuable-us-chipmaker
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/server-storage/servers/356083/the-best-server-solution-for-your-smb
Sponsored

The best server solution for your SMB

26 Jun 2020