October 11, 2019

What should you do during a ransomware attack?

You may have heard the terms ransomware, crypto-malware, or crypto virus: what are they and what can you do if you are attacked by them?

Let’s start with a definition: ransomware, crypto-malware, or crypto virus — all typically referred to as ransomware — is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid (typically paid with bitcoin so the transactions cannot be traced). Ransomware usually spreads through phishing emails (faked or hacked emails designed to infect a computer through links or attachments) or by unknowingly visiting an infected website. Ransomware can be devastating to an individual or an organization.

Taking steps to minimize your risk of getting ransomware can prevent attacks, and should be your first line of defense. Ransomware is most commonly delivered via phishing emails, which often have booby-trapped attachments such as a Word file or a PDF. Phishing emails are often targeted at a specific person so that person will be more likely to trust the email. Also common in phishing emails are links that look legitimate but in fact lead you to a malicious website (for example, instead of www.amazon.com, it says www.amazon-shop.us, or micnosoft.com in place of microsoft.com). STOP and really think before clicking on anything in an email. First consider:

  • Are you expecting this email?
  • Do you know the person sending the email?
  • Does the domain name look funny?
  • Did you hover over a hyperlink to verify where the link will take you? (If you move your cursor over any hyperlink in an email, but don’t click on it, you can see the full web address it links to.)

These are the types of questions you need to ask yourself before clicking a link or opening an attachment. One of the biggest risks companies face currently is employees getting phished, and it can cause major trouble for individuals as well.
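The lookalike-domain check described above can also be automated. The following is an added example, not part of the original article: it compares a link's host against a short allow-list and flags names that embed or misspell a trusted brand. The `TRUSTED` list, the function names, and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a short allow-list of domains the reader really uses.
TRUSTED = ("amazon.com", "microsoft.com")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url):
    """Return (verdict, imitated_domain) for a link copied from an email."""
    # urlsplit only fills in the host when a scheme or "//" is present.
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").rstrip(".")
    labels = host.split(".")
    # Simplification: treat the last two labels as the registered domain.
    # Production code should consult the Public Suffix List instead.
    domain = ".".join(labels[-2:])
    if domain in TRUSTED:
        return ("trusted", domain)
    name = labels[-2] if len(labels) >= 2 else host
    tokens = {t for label in labels for t in label.split("-")}
    for good in TRUSTED:
        brand = good.split(".")[0]
        if brand in tokens:                      # amazon-shop.us, amazon.com.example
            return ("lookalike-brand-in-name", good)
        if 0 < edit_distance(name, brand) <= 2:  # micnosoft.com
            return ("lookalike-typo", good)
    return ("unknown", None)


# Constructed sample links, including the two lookalikes named in the article.
SAMPLES = [
    "https://www.amazon.com/orders",
    "http://www.amazon-shop.us/login",
    "micnosoft.com",
    "https://example.org/newsletter",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", classify_link(link))
```

An "unknown" verdict only means the domain does not resemble anything on the allow-list; it is not a statement that the link is safe.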

Ransomware starts by encrypting your files or your computer entirely and holds this data hostage until you pay to get the decryption key. In the event your computer does get a ransomware virus, the most important things you can do are:

  • DISCONNECT FROM YOUR NETWORK. This should stop the spread of the malware to other computers and potentially minimize severe damage.
  • Do not pay the ransom (this is now the official advice of the FBI). Paying can encourage cybercriminals.
  • Seek help from an IT resource to identify the ransomware family and take the best course of action for recovery.

How to recover from ransomware:

  • Depending on which ransomware was used, there are some free decryption tools available. Unfortunately, most of the time, the files cannot be decrypted without the specific key.
  • The quickest way to get back up and running is to format and reinstall your operating system. (Choose this option if you do not need the specific files on the computer or have backups of your files.)
  • Restore from a full backup.
  • Boot into Windows Safe Mode and see if you can use System Recovery to restore to a date prior to the ransomware attack to ensure the ransomware is eliminated.

How to prevent ransomware:

  • Don’t click on email attachments or links.
  • Do not open emails from unknown senders with suspicious links and attachments.
  • Apply all critical security patches for your operating system and applications.
  • Always keep your antivirus software up to date.
  • Enable “Show hidden files, folders, and drives” and disable “Hide extensions for known file types” in your Windows Systems Settings and Folder Settings. This can help you spot suspicious files.
  • Back up all important files and store them in a location off your computer and network. (Cloud backups are best.)

If you do not have backups of your data, paying the ransom might be the only way to recover your files. These cybercriminals are banking on users not backing up their data. It is highly recommended to have either a cloud backup or an external hard drive backup of your data. These separate sources can keep a clean, safe version of your data in the event of a ransomware attack.

A final thought: getting attacked by ransomware can be a very scary and debilitating encounter. So please take care to back up your important data and stop and think before clicking! Please consult your local IT help for more information about ransomware and preventing ransomware in the future. There are also lots of online resources with more information on how to prevent and recover from a ransomware attack. Here is a good example.