In the past few years, ransomware attacks have significantly increased in frequency, targeting almost every industry that utilizes a computer-based infrastructure. Universities, Fortune 500 companies, and even hospitals have been victims of this insidious malware. Ransomware is a specially crafted type of malware, which takes control of a user’s computer, only giving the control back to the user after a fee has been paid to the attacker.
Also known as cryptovirus, cryptotrojan, and cryptoworm, ransomware has become one of the greatest concerns to IT security professionals. With the average ransom price increasing to a substantial $1,077, it is now more important than ever to know what to do when your computer has been infected by ransomware.
1. Take a Deep Breath and Identify the Type
The first thing that any user should do when infected by ransomware is to relax. Take some time to get yourself composed, and then begin understanding what type has infected your system. To identify which type of ransomware has infected your system, start by examining how your computer has been locked. Look for popups demanding money, and be sure to check files for encryption. If none of your files are locked or encrypted but there is still a popup demanding money, it may just be a hacker attempting to scare you into paying them.
Many times these ransomware popups will use official seals or titles. Critically think about where the popup claims to be coming from. Don’t be fooled into believing that the FBI or IRS would lock your computer and hold it for ransom.
2. Keep the Ransomware From Spreading
Anytime you suspect that you have been infected by ransomware, you should immediately begin following the virus quarantine protocols established by your system administrator. Disconnect your computer from any networks or drives right away. This will help prevent your machine from infecting other computers on your home or work network, reducing the overall severity of the ransomware.
3. Try to Remove It
After your computer has been taken offline, the next thing you should do is use an offline anti-malware scanner to remove the ransomware that has infected your computer. These types of anti-malware scanners will be able to successfully remove a non-encryption type of ransomware most of the time.
If a type of ransomware that encrypts your files has infected your computer, you may have a much harder time restoring your computer to working order. At any rate, never pay the person that is holding your system hostage; there is no guarantee that they will actually remove the ransomware, and they will be encouraged to keep infecting people.
4. Restore Your Files or Seek Help
If you are able to identify what type is infecting your computer, you can check for a ransomware decryption tool to help clean your computer. If there is no decryption tool available and you have a recent backup image of your files, you should simply restore them with the most recent backup you have prior to the date of infection.
Once you have used your tool to decrypt your data, the next step is to contain and eradicate the ransomware from your computer and network. All affected machines should be wiped and reformatted or replaced to ensure that the ransomware is gone from your network. If none of these options remove the ransomware, you should consult an IT professional for help. They may have experience with this type of malware and could be able to offer valuable support.
5. Know How to Protect Against Future Attacks
After you have recovered from the ransomware infection, you should look into preventing further attacks on your network. With each new iteration of ransomware, hackers look to improve the contagiousness of their malware. New reports are coming out every day concerning Mac-supported infrastructure being infected by new types of ransomware, making a once Windows-only problem a concern for Mac users as well.
The best way to defend yourself is to invest in cybersecurity. Ask professionals for their advice on the latest antivirus software. It is also a good practice to develop network protocols for businesses concerning the proper use of company machines. Preventing attacks starts with the user operating their machines safely.
Backing up your important data regularly should also be considered. Sensitive and important data should be backed up daily to prevent worst-case scenarios from happening. Backup drives should be disconnected from your computer after the backup is complete, and stored in a safe area to ensure your data is secure.
Cybersecurity is constantly changing, and to maintain a safe network environment, our knowledge and security standards must change as well. Continuously updating your knowledge base is imperative to operating safely. Always back up your data in a secure way, and ensure that it is safe from outside sources. Remember that preventing attacks starts with the user, and the more educated the user is about these attacks, the less successful the attacks will be.
This is a guest article by Heather Redding, a tech enthusiast and freelance writer based in Aurora, Illinois. She is a coffee-addict who enjoys swimming and reading. Street photography is her newly discovered artistic outlet and she likes to capture life’s little moments with her camera. You can reach Heather via Twitter.