After ignoring recommendations to back up your files or to update your security software, you boot up your computer one morning and experience some very unusual behavior from the machine. The classic symptoms of an attack include:
- The computer is very slow.
- You are unable to open some files or you’re getting errors such as “wrong extension” or “file is corrupted.”
- You have opened a window on a program, and it will not close.
- There is a message on your screen saying your files have been encrypted until you pay a ransom.
- You find files with names such as decrypt_instructions.html or how to decrypt files.txt.
The first thing to do after determining that you have ransomware is to disconnect your computer from any network connections, such as Bluetooth or WiFi, as well as any external drives to prevent the infection from spreading to more files.
Then check your network and local storage drives to determine how many files are affected by the malware. Often the ransomware will leave a file listing or registry entry showing all the files that it has encrypted.
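A read-only way to take that count, added here as an example and not part of the original article: it flags ransom notes by the two file names listed above and marks files whose header no longer matches their extension, or whose text content looks like random bytes. The magic-byte table, the 7.0 bits/byte threshold and the function names are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

# Ransom-note names quoted in the article; real strains use many others.
NOTE_NAMES = {"decrypt_instructions.html", "how to decrypt files.txt"}

# Expected leading bytes for a few common formats (illustrative subset).
MAGIC = {
    ".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff", ".zip": b"PK", ".docx": b"PK", ".xlsx": b"PK",
}
TEXT_EXTS = {".txt", ".csv", ".log", ".html"}
ENTROPY_LIMIT = 7.0  # bits/byte; assumed threshold, plain text sits near 4-5


def entropy(data):
    """Shannon entropy of a byte string in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(path):
    """Return 'note', 'suspect' or 'ok' for one file; the file is only read."""
    name = os.path.basename(path).lower()
    if name in NOTE_NAMES:
        return "note"
    ext = os.path.splitext(name)[1]
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if ext in MAGIC and not head.startswith(MAGIC[ext]):
        return "suspect"  # header no longer matches the extension
    if ext in TEXT_EXTS and entropy(head) > ENTROPY_LIMIT:
        return "suspect"  # text file that looks like random bytes
    return "ok"


def triage(root):
    """Walk root and group file paths by classification."""
    report = {"note": [], "suspect": [], "ok": [], "unreadable": []}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(folder, fname)
            try:
                report[classify(path)].append(path)
            except OSError:
                report["unreadable"].append(path)  # review these by hand
    return report
```

Very small encrypted text files fall below the entropy threshold, so treat the "ok" list as a lower bound on the damage rather than a clean bill of health.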
The options available are: restore your files, decrypt the files, do nothing or negotiate a settlement.
Restore Files from Backup
This is one of the best ways to deal with any strain of ransomware attack. While backups used to cost a lot to purchase and maintain, the development of cloud storage services, such as Dropbox and Google Drive, has made backups cheaper. While ransomware may go as far as encrypting files on your connected cloud storage servers, such services allow you to revert the files to a previous time. Locate any copies of the encrypted files on your cloud storage or external drives. After verifying that you have backups of all the important files, you may remove the malware or wipe and rebuild the computer before restoring your files.
Decrypt the Files
The growing threat of ransomware and the proliferation of certain types, such as CryptoLocker and CryptoWall, have made it economical for anti-virus companies to develop preventative measures and solutions for infected devices. Nonetheless, it is vital to take into account that decryption mostly works with older versions of malware.
As such, you need to determine the type of ransomware on your computer to find out if you can decrypt it. Then find an appropriate unlocker/decryptor by performing a Google search with the name of your strain of malware. The unlockers you find may or may not be successful in decrypting your files depending on their age or the strain of ransomware, but it’s worth a shot.
Additionally, it is important to always follow security basics online when you are using decryptors, such as only downloading tools from trusted anti-virus sites or forums, as hackers may make websites to scam desperate people like you. If the decryptor fails to unlock your files, it may be time to consider alternatives, such as negotiating a ransom or restoring your files from backup.
Do Nothing
You could also opt to do nothing toward the recovery of your encrypted files by just wiping your computer and starting afresh. If the files in your database or computer are not of significant importance or restoring from backup is not an option, this solution may be best. Run an anti-virus scan using tools such as Kaspersky, Malwarebytes or Bitdefender, and follow the removal procedures as set out in this article.
Before starting afresh, if the files on your computer are of significant importance, you may want to back up the encrypted files on a separate storage device for safekeeping. You never know when an effective unlocker for your strain of ransomware could be developed. If it is, then you'll be able to jump back to step two and decrypt those files down the road.
Pay the Ransom/Negotiate
If you have tried all the other alternatives without success, you may have to pay the ransom. While many security experts advise against paying a ransom since it encourages the hackers to carry out more attacks, in some instances, you may have no choice but to pay up. For example, if you are a wedding photographer, losing a client’s photographs is unthinkable. To avoid inevitable damage to your reputation, you may just have to pay to regain access to those images in a timely fashion.
You may have concerns whether the hackers will uphold their end of the deal after receiving payment, but statistics show that most hackers will quickly decrypt your files as soon as you pay up. However, the risk of them not responding after payment remains, and it is up to you to gauge the risk versus the reward.
If you do decide to pay the ransom fee, follow these simple steps:
- Locate the payment instructions that include the time left to pay, where to pay and how much to pay.
- Find a Bitcoin exchange site, such as Localbitcoins.com or Coinbase.com, to buy the required amount of Bitcoin.
- Pay the ransom to the Bitcoin wallet provided on the hacker’s website.
- Decrypt your files with the key the hacker provides after the transaction is processed.
Future Protection and Prevention
Nothing rings truer than Dustin Dykes’ assertion that security systems have to win every time while the attacker only has to win once. As such, it is important to protect yourself against future attacks by following these cybersecurity recommendations.
- Several Layers of Protection: Ensure that you implement layered security, such as privacy controls, anti-virus software, firewalls and anti-spam, for your databases and systems to make it harder for a hacker to penetrate all of the layers at once.
- Train Users on Security: It is critical that you train yourself and any other device users on how to recognize red flags so that they do not click on malicious websites, links or documents in phishing emails.
- Back Up Your Important Files: Invest in physical hard drives and cloud-based solutions to back up your most important records and documents so that you can easily restore them in the event of a future malware attack.
- Invest in a VPN: Install a Virtual Private Network (VPN) to route and encrypt all of your connections through a secure offsite server that is impossible for the hacker to intercept. Hackers targeting your network will see the VPN’s secure server rather than your system, thus keeping you anonymous and safe.
How are you dealing with the increasing threat of ransomware? Have you implemented any security measures? How effective have they been? Join the conversation by leaving your comment below.