What to Do If You Get Hit by Ransomware

Any IT security buff will tell you malware is always evolving. Cybersecurity is an endless tug of war waged between security updates and malware altered to overcome those updates.

One major threat is ransomware, a particularly nasty strain of malware that has gained traction in recent years. If you’re not familiar with it, ransomware infects targeted systems and encrypts them, locking users out. This encryption could affect the entire system or specific files and programs.

When the system gets hit by ransomware, users can’t access their data and are prompted to pay an amount (i.e. a ransom) to the hackers for the decryption key. If the victim pays up, the malware supposedly “decrypts” the data, and the system is no longer held hostage.

Ransomware often targets companies, businesses, or organizations with extremely valuable data. If you’ve kept up with recent news, you likely heard about the “WannaCry” ransomware, which targeted old Windows XP operating systems throughout hundreds of hospitals.

The question then, of course, is how do you get rid of it? Unfortunately, that can be very difficult depending on the level of encryption. In WannaCry’s case, Microsoft had to release an emergency patch to fix it, and that fix was only effective if infected systems hadn’t yet been restarted.

It is better to adopt a strict, proactive security policy than risk getting hit with ransomware. However, if you do get infected, don’t lose hope. There are still steps you can take to save your business and your data.

Your first option is to use anti-virus tools to locate and remove the ransomware itself. In some cases, you may not even have actual ransomware. Rather, you might be dealing with pop-ups or screen locks that attempt to intimidate you into paying for a security fix. These are generally weaker variants and can be dealt with using up-to-date anti-virus scans.

To remove those, you will need to boot your system(s) in safe mode and run the anti-virus program. If screen locks prevent this, use the Windows system restore option and run anti-virus from there. If you’re still having trouble, you can use Windows boot media (disc or media) to start and opt to “Repair your Computer,” which will provide you with safe mode options.

It’s also a good idea to routinely back up your data, especially if you suspect your system is prone to ransomware infection. This is because, unlike “scareware” and screen locks, variants that involve deeply rooted encryption like Locky can prove difficult to remove.

If you can’t work around the ransomware, you may need a full system restore or, unfortunately, a complete reinstall of the OS. This is not common, but it is possible.

If you have removed the ransomware, however, you can check your system for potentially lost files. Some ransomware only hides them, so you can search through Windows by checking “search for hidden files,” or check for potentially missing data.
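The hidden-file check described above can also be scripted. This is an added example, not part of the original post: the function name, the extension list, and the choice of the user profile as the search root are assumptions made for illustration.

```powershell
# Added example: find user documents that carry the Hidden attribute but not
# the System attribute, which is how "hide-only" malware makes files seem lost.
function Find-HiddenUserFiles {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Root = $env:USERPROFILE,    # assumption: user data lives under the profile
        [string[]]$Extensions = @('.docx', '.xlsx', '.pptx', '.pdf', '.jpg', '.png', '.txt'),
        [switch]$Unhide                      # clear the Hidden attribute on matches
    )

    # 'Hidden+!System' skips OS-managed files such as desktop.ini (Hidden AND System).
    # -Force makes sure hidden folders are searched as well.
    $found = Get-ChildItem -LiteralPath $Root -Recurse -File -Force `
                 -Attributes Hidden+!System -ErrorAction SilentlyContinue |
             Where-Object {
                 ($Extensions -contains $_.Extension.ToLower()) -and
                 ($_.FullName -notlike '*\AppData\*')   # application data is not user documents
             }

    foreach ($file in $found) {
        if ($Unhide -and $PSCmdlet.ShouldProcess($file.FullName, 'Clear Hidden attribute')) {
            # Remove only the Hidden bit and leave every other attribute as it was
            $file.Attributes = $file.Attributes -band (-bnot [System.IO.FileAttributes]::Hidden)
        }
        [pscustomobject]@{
            Path          = $file.FullName
            SizeBytes     = $file.Length
            LastWriteTime = $file.LastWriteTime
        }
    }
}

# Read-only report: which folders hold the most hidden documents?
Find-HiddenUserFiles |
    Group-Object { Split-Path -Path $_.Path -Parent } |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Preview the attribute change first, then run it for real once the scan is clean:
# Find-HiddenUserFiles -Unhide -WhatIf
# Find-HiddenUserFiles -Unhide
```

Files that were actually encrypted, usually renamed with a new extension, will not show up here; those have to come back from a backup.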

Now that you understand a few ways to remove it, practice safe preventive habits, since that’s the best defense. Keep programs updated, your anti-virus up to date, and avoid suspicious links, websites, or messages that might infect your system with ransomware. It’s difficult to deal with, but not unstoppable or unavoidable.
