Ransomware attacks are increasing exponentially as many people embrace working online. Within the first six months of 2020, the number of ransomware victims increased by over 700%.
The losses caused by ransomware are ballooning, running into billions of dollars. No industry is spared: ransomware hits tech, oil and gas, and insurance companies, and even institutions of higher learning.
So, whatever business or organization you are running, you aren’t safe from ransomware.
Signs Of a Ransomware Attack
- Missing or changed file extensions
- A message pops up asking you to pay the ransom – you won’t be able to close this message.
- You receive errors about corrupt data or incorrect file extensions.
- A message pops up instructing you on how to pay the ransom to unlock your files.
- A program generates a countdown to shut down your system.
- Alarming messages appear on your computer desktop.
- Files fail to open.
Recovering From a Ransomware Attack
So you’ve confirmed a ransomware attack on your computer. What next? Do not despair; all is not lost. Here are the steps you can take to recover from the attack.
Separate the infection
After detecting a ransomware attack, the faster you act, the better. Ransomware spreads very fast and can bring down your entire computer network within a short time.
Once you’ve detected the infected computer, isolate it from the other computers in the network and from storage devices. Also, disconnect it from the internet. Cryptoworms actively spread across networks, so it’s necessary to stop this from happening.
Stopping the spread of ransomware isn’t just about isolating the computer on which it was detected. The ransomware may have spread to other computers in the network, or it may have come from one of those computers. So, detecting it on one computer could just be the tip of the iceberg.
The ransomware might have infiltrated your organization’s network and might be dormant in some computers. Treat all networked or connected computers as suspects and let your IT department develop measures to determine the extent of the attack and isolate more computers.
Identify the Malware
It is advisable to be 100% sure that you are facing a ransomware attack. Typically, ransomware is easy to identify because it will ask for ransom. Before that happens, you can use ID Ransomware sites to help you identify the ransomware.
You need to identify the ransomware you are dealing with, the file types it encrypts, how it spreads (propagates), and what options you have for disinfection or removal. Knowing the type of ransomware also lets you report it accurately to the relevant authorities.
Report The Ransomware To Relevant Authorities
Reporting a ransomware attack will help not only you but everyone who might be under the same attack. The Federal Bureau of Investigation (FBI) encourages all victims of ransomware to report the incidents.
Your report will help the FBI and other law enforcement agencies understand the threat, give them a basis for investigations, and help them handle the other ransomware cases they are working on.
Knowing more about you and what you’ve experienced will help the authorities find who created the ransomware and how they target or identify victims. The FBI has an Internet Crime Complaint Center where you can report ransomware cases.
Determine The Options You Have
As a ransomware victim, you have four options:
- Paying the ransom
- Removing the ransomware
- System restore
- Clearing your system and starting from scratch
Experts advise strongly against paying the ransom, as this encourages the perpetrators to continue. Furthermore, once your files have been encrypted, unlocking them may fail, meaning you can pay the ransom and still not get your data back.
That leaves you with the other three options. Naturally, the next step would be to try and remove the ransomware.
Removing The Ransomware
There are software packages and internet sites that can help remove ransomware from your computer system. The most popular internet site for this is the NoMoreRansom! Project.
However, this site may not work for all ransomware attacks. Not all ransomware has a decryptor, and, unfortunately, newer ransomware is more complicated than older strains, meaning a decryptor for it has not yet been developed.
Restoring your computer to an earlier date (before the ransomware attack) is one way of eliminating malware. For this method to work, you have to identify the date of the malware attack. You can determine this from the date you received the malware messages.
The advantage of system restore is that it leaves your files intact and only eliminates unwanted malware. The only problem with this method is that you might not be able to determine the exact date the ransomware found its way into your system.
Some malware doesn’t show itself immediately when it attacks a computer system. It may lie dormant for days, weeks, or even months before it begins to show up. For this reason, system restore cannot provide absolute assurance that your system is safe.
If the ransomware can’t be removed from your system, the only option left is to clear your system and start afresh.
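The scoping step ("determine the extent of the attack") and the restore-date problem described above can both be supported by a read-only scan. The following is an added example, not part of the original article: it flags files whose header no longer matches their extension, or whose content looks random under an unfamiliar extension, and reports the earliest modification time among them. The magic-byte table, the entropy threshold and all function names are assumptions of this example.

```python
import math
import os
from collections import Counter

# Well-known leading bytes for a few common formats; extend for your file types.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}
ENTROPY_BITS = 7.5   # assumed threshold (bits per byte) for "looks random"
SAMPLE = 4096        # bytes read from the start of each file


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 = indistinguishable from random)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def looks_encrypted(path: str) -> bool:
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE)
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is not None:
        # Known extension: the header must still match the format.
        return not head.startswith(magic)
    # Unknown or appended extension: flag only near-random content.
    # Compressed formats missing from MAGIC will also land here.
    return len(head) >= 2048 and entropy(head) > ENTROPY_BITS


def triage(root: str) -> dict:
    """Walk root read-only; return flagged files and the earliest change time."""
    flagged, unreadable = [], []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                if looks_encrypted(path):
                    flagged.append((os.path.getmtime(path), path))
            except OSError:
                unreadable.append(path)   # "files fail to open" is itself a sign
    flagged.sort()
    return {
        "flagged": [p for _, p in flagged],
        "unreadable": unreadable,
        # Encryption began no later than this; the intrusion may be older,
        # so choose a restore point before it, not at it.
        "earliest_change": flagged[0][0] if flagged else None,
    }
```

Run it from a clean system against a mounted copy of the affected disk, for example `triage("/mnt/suspect")` (a constructed path). The earliest change time marks when encryption started, so it is only a latest-possible bound for the restore date.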
Starting afresh is the only option that guarantees 100% success. The only problem with this method is that you’ll lose all data. This is because you’ll have to clean your storage devices and reinstall your operating system.
Formatting your hard disks will ensure no malware remains in your system. It also removes any other malware that you had not detected.
If you had your data (media files, documents, etc.) backed up, then you need not fear cleaning your system and starting from scratch. It is tedious to format all hard disks, install the OS, and restore your files, but the effort is worth it.
When you are a victim of a ransomware attack, choose the most effective and cost-effective way of dealing with the malware. Taking appropriate action will help you and others who might have fallen victim to the same attack.
After clearing the malware from your system, devise preventive measures to protect your system from future attacks.