According to a recent survey, nearly 50% of all organizations have been struck by some type of ransomware in the last 12 months. In fact, in March 2016 alone there were more than 56,000 reported attacks. Furthermore, CNN reports that $209 million was paid to ransomware hackers in just the first quarter of last year. If you think you can’t be a victim, think again. Even if you have a strong cybersecurity incident response strategy in place, it’s just as important to know what to do in the event that a threat slips by undetected.
If you find you’ve been hit by a ransomware attack, here’s what you need to do to mitigate damages and get things back on track as quickly as possible.
Step 1: Avoid clicking on anything unfamiliar.
It’s not uncommon for hackers to use pop up messages in an attempt to entice users into their trap. For instance, a dialog box might pop up containing a message that indicates your computer has been infected and instructing you to take certain steps to rectify the problem. Unfortunately, doing so will only make matters worse. Avoid clicking on anything that’s unfamiliar or even the slightest bit suspicious.
Step 2: Disconnect from the network.
The ultimate danger of ransomware is that it is designed to spread through the network as quickly and invasively as possible. To mitigate damages, you must take the appropriate measures to thwart the malware’s infiltration. As soon as you believe you’ve been infected, immediately disconnect your device from the network. If you are accessing the internet via WiFi, turn it off. If you are connected via an Ethernet cable, unplug it right away. The more quickly you cut off access to your network, the less havoc the hackers will be able to wreak.
Step 3: Save and troubleshoot.
As soon as you’ve disconnected from the network, the next step is to save any and all important documents or files you’ve been working on. Then, reboot your computer in safe mode. Once you’ve rebooted, run a virus scan. Hopefully your cybersecurity incident response strategy includes adequate virus protection that’s designed to both detect and eradicate any identified malware. In the absence of this type of security software, you may need to use another device to download the software, save it onto a flash drive and then run it on the infected device accordingly.
Step 4: Restore your system.
If your anti-virus software doesn’t do the trick, you may need to restore your system back to a previous period, prior to the ransomware infection. Provided this feature was never manually disabled, running a system restore from safe mode should be pretty easy and straightforward. To begin, simply choose Advanced Boot Options and then select Repair Your Computer. From there you should see an option for System Restore. Launching this will result in your device restarting in an older version.
Step 5: Examine your files.
The next step will depend on the type of ransomware that has infected your device. If you can’t locate your files (or the shortcut icons for them), that means they’ve either been hidden or they’ve been encrypted. To determine what type of mess you’re dealing with, start by finding your hidden files. Open your File Explorer and choose Computer (or This PC). Click the View tab and choose Hidden Items. If a list appears here, you should be able to restore your files easily by simply right-clicking each item, choosing Properties and unchecking “Hidden.”
If your files do not appear in the Hidden area of your computer, this unfortunately means your data has likely been encrypted. That means the hackers were able to lock up your data and they will only release what they’re holding “hostage” if you agree to pay their proposed fee (hence the term “ransomware”). This is why a cybersecurity incident response strategy that includes frequently backing up data to the cloud or external resources is so critically important.
Step 6: Don’t let it happen again!
If you’ve been unlucky enough to have been hit by ransomware, you’re obviously not alone. Aside from being a huge headache and possibly costing your organization a good deal of money, this unfortunate event should serve as a lesson in how important it is to take proactive measures that will improve your level of protection against such attacks. Start with a highly effective monitoring system, and then leverage tools like automated cybersecurity incident response to establish a closed-loop process. And, above all else, educate your employees on how to properly back up files and recognize the signs of potential malware. Taking the steps to prevent as well as being prepared to remediate an attack is key.