Think about that panicky feeling you get when you lose one file. Now scale that feeling up and imagine the panic after losing all your files. That’s how you’ll feel if a ransomware attack makes it impossible for you to access any of your data.
Ransomware is a kind of malware that holds your data hostage. When you’re attacked by malware, it encrypts all your data. Since you don’t have the key, you aren’t able to read it. Typically you’re asked to make a payment in cryptocurrency in exchange for the key. If you don’t pay up by the deadline, the key is discarded and your data is lost for good.
Ransomware can be difficult and time-consuming to recover from; one town had to rely on typewriters when their computers were down after an incident. If you don’t have typewriters tucked away in a closet, here are some options to help prevent and respond to ransomware incidents.
Prevent Ransomware Attacks
It’s impossible to completely protect yourself from a ransomware attack; like any other malware, they spread through phishing and social engineering methods that trick your employees into opening dangerous attachments. Training employees is important but not foolproof.
Keeping up with your operating system patches is an important measure, as it reduces the number of vulnerabilities for hackers to exploit. You should also use antivirus software and whitelisting software to block malware and prevent unapproved applications from executing.
Ensure you have a reliable backup and disaster recovery process. This won’t prevent you from becoming a ransomware victim but will reduce the panic if you do.
Recover from a Ransomware Attack
The first thing to know about recovering from a ransomware attack is that you should never ever pay the ransom! For one thing, there’s no guarantee that you’ll receive the decryption key. Plus, once you pay ransom, you’ve shown that you’ll pay ransom, and you make yourself a target for additional ransomware attacks with bigger and bigger ransom demands.
Identify the ransomware that attacked you and see whether there’s a decryptor. This will let you recover your locked files without paying the ransom.
If there isn’t a decryptor (and it’s really not that likely you’ll find one for the exact version of the attack that victimized you), you’ll need to do a scan to remove the malware from your system and then restore files from a clean backup. Unfortunately you’ll lose any new files or modifications made between the time the backup was created and the time you were encrypted—good motivation for doing backups at least nightly. You’ll need to make sure the backup isn’t infected with the malware as well, as some ransomware can attack shared drives.
Then protect yourself from future attacks by hardening your cybersecurity strategy and making sure your backups aren’t vulnerable, perhaps by storing them in the cloud. CCS Technology Group information security services help you develop and implement an approach that protects you against ransomware and the many other common malware threats that target your systems. Contact us to learn more.