Ransomware is extremely costly and difficult to get rid of, and once your files are encrypted you may have lost that data permanently. Giving in to the ransom demand is expensive, gives no guarantee that your data will be restored, and only encourages cybercriminals to keep attacking and extorting money from individuals and companies alike. Clearly, the best way to deal with the rise in ransomware attacks is to implement solid preventative measures to avoid getting infected in the first place and, if the worst should happen and all your files do get encrypted, to have alternative ways of restoring your data.
By Kristina Skåtun
December 12, 2020
This article will go over some good measures to reduce the risk of getting ransomware on your computer, as well as some advice on what to do if you do get infected. Ransomware was covered in our previous post, so check it out for more details about what ransomware is, how it works, and the most common ways your computer gets infected.
The main way ransomware gets installed on your computer is through phishing, a form of social engineering where an individual is tricked into installing the malware. There are several things to look out for:
Ransomware can also exploit technological vulnerabilities. There are a few dos and don’ts to make sure your technological routines are up to scratch.
This cannot be stressed enough and may be the most important measure you take. Having a good backup system is key to protecting yourself from losing your data. Instead of paying the ransom, it is better to reinstall everything from good and recent backups, so make sure you have a backup on an external hard drive or in the cloud so that the backup data doesn’t get infected along with your computer.
First off, make sure it is actual ransomware and not just an imitation (such as screen-locking ransomware). The latter may be more easily removed, and is often characterized by trying to shame the victim (e.g. having been caught looking at adult websites) and pretending to be from a source such as the FBI or the police. If you can read most of your files and navigate through your computer's system, it is most likely a fake.
However, if the ransomware is authentic, there are three main paths you could choose:
First off, it is not recommended to pay the ransom. This will only encourage this type of attack, and there is no guarantee that you will receive the decryption key. Some may even ask for the ransom one more time before they give you what you paid for.
That being said, some have chosen to recover the data by paying the fee, especially in the case of medical records or where there is no good backup to reinstall your files from. This is not an easy issue, and the pros and cons can be discussed at length. Again, take good backups of your data, and you will not have to face this dilemma should you be so unfortunate as to have all your files encrypted.
Disconnect your infected computer or system from the Internet and other devices, and use an antivirus to remove the ransomware. Note that this will not recover your files, but should remove the virus from your system. Check if there are any deleted files you might recover. Also, finding the exact ransomware strain might help you decrypt the files (though not in most cases). There are some online tools like ID Ransomware and Crypto Sheriff that will help you with this. There are also decryption tools available for some strains, so check No More Ransom to see whether a decryption key exists for a specific strain.
If decryption is not possible, then restore the files from your backups. The best approach is to wipe your computer or system completely, reinstall the operating system, and then restore the files to make sure all traces of the virus are removed. Make sure your backup is not infected before you start. This is the fastest and cheapest way of getting your systems up and running again.
This may not be optimal, but if your data is neither very important nor irreplaceable, then simply choosing to reinstall your affected system may be a good solution.