How To Handle A Ransomware Attack
Ransomware attacks like the infamous ‘WannaCry’ cyberattack in spring 2017 have been increasing over the last few years, and continue to grow at record speed in 2017. This makes it more important than ever to be prepared to deal with cyberattacks.
Ransomware viruses infect the hard drive of a computer and then encrypt the files stored on that computer, or they lock the device (a well-known example is the malware ‘Locky’).
Typically, when someone tries to use an infected machine, they are greeted by a pop-up screen demanding payment in return for decrypting the files or unlocking the computer.
The ‘WannaCry’ attack took out more than 200,000 computers in 150 countries, showing that everyone is at risk and that all weakness can and will be exploited by hackers. Even computers using macOS are increasingly being targeted by ransomware attacks.
Protect your computer from virus attack
So what can you do to counter ransomware attacks? Obviously, the best defense is to avoid being infected in the first place. Here are a few simple things you can do to protect your computer from viruses:
- Always keep your operating system (OS) up to date, including security patches
- Always keep browser related programs (e.g. Adobe and Java) up-to-date
- Install an anti-virus program that is up-to-date, and regularly scans your machine for malware
- Always keep a full back up of your files
- Avoid downloading software from dubious sources, and don’t click on links in suspicious emails
The most common route of infection to date has been via malicious emails, so it’s advisable to disable macro scripts from Microsoft Office files attached to emails.
If you’re not using one of the big email providers like Gmail or Hotmail, you can use scanning software to scan incoming emails for malware.
Attackers are increasingly using other means of spreading viruses, including through torrent sites, browser extensions, and fake activation keys of popular software, so you need to keep a wary eye on those too.
The critical importance of backing up your computer
If you keep a full backup of your files, in the worst case you have the option of resetting your computer to factory settings, and then restoring it from the backup.
This is the most effective way to counter a ransomware attack, but it has to be a 100% complete process, to avoid any infected files remaining on your machine.
Store your back up on a device that is offline, such as an external hard disk, and/or in the cloud. But in any case make sure that your backup is not connected to your computer network, so it doesn’t get infected as well.
If you find yourself in a situation where you want to restore an infected computer from a backup, make sure to choose a backup that dates from before the virus infection (usually 2-3 days before the first signs of infection is enough).
Unfortunately, only a quarter of the households in the USA currently back up their data, which is why many victims still agree to pay cyberattackers to release their files.
So make sure to back up your computer today, and you’ll be a big step closer to protecting your device from cyberattacks.
What to do if you’ve already been attacked
So what can you do if you’ve already fallen prey to one of the ransomware viruses?
In general, it’s best if you don’t pay the ransom to the attackers. Often hackers make no effort to return your files. In fact, there is nothing to stop them form demanding even more money.
If your device has been locked by a virus, the hackers send you a second file to unlock the machine after you pay the ransom. However, this “unlock” file is likely to infect your computer with even more malware.
So even if you decide to pay the attackers, chances are slim that you’ll get your data back, and certainly not in the pristine state it was in before. The FBI now strongly recommends against paying ransomware attackers.
Is there a way to get your files back without paying ransom?
Unfortunately, once your files have been encrypted, the only way to get them back is with a decryption key. For some strains of ransomware viruses, there are decryption tools available, but you’ll probably need an expert to help you with that.
The best ways to protect your computer against ransomware attacks are two-fold: prevention and backup.
Your first line of defense is an up-to-date anti-virus program (as well as anti-malware programs) coupled with precautionary measures to avoid downloading files/attachments from dubious sources.
Your second line of defense is your backup. If you have created a full backup and your computer is infected by ransomware, you can reset the computer to wipe all infected files and software, and then restore yours from the backup.