Ransomware – Dealing with it
So your computer has been infected with a ransomware virus? What do you do now? This information security tips video will talk about what to do if your device is infected with ransomware
You’re using your device and suddenly a chilling message takes over the screen.
“Your files are encrypted!”
What should you do?
First, don’t panic! There is life after ransomware.
Just follow these outline steps.
• Disconnect your device from the internet.
• If it is attached to a network, either at home or at work, disconnect it from that.
• Turn off the WiFi.
These steps help to prevent the infection from spreading to your other devices.
• Next, you need to find out what kind of ransomware you’re dealing with.
Do your research from another device.
Broadly, there are three types of ransomware:
1. Bluff ransomware – this tries to trick you into making a payment.
2. Screen blocking ransomware – this locks your screen, but is relatively easy to remove
3. Encrypting ransomware – there’s no disguising it: this can be nasty Bluff and screen blocking ransomware, with a little research and some technical skill are relatively easily removed.
For detailed advice on how to remove these types of ransomware, visit sites like:
https://www.nomoreransom.org/en/index.htmlor and https://www.bleepingcomputer.com
Files encrypted with some strains of encrypting ransomware can be unencrypted and recovered.
Unfortunately, with most encrypting ransomware this isn’t the case.
The major antivirus vendors provide ransomware analysis and some recovery tools.
For example, the No More Ransom Project’s Crypto Sheriff, https://www.nomoreransom.org/crypto-sheriff.php helps detect the kind of ransomware and, if available, gives a link to the solution.
Your research should reveal which strain of ransomware you have been infected with and if files can be recovered.
If you’re encrypted files can’t be recovered. Then, your general approach is:
1. Isolate the device.
2. Wipe and reinstall the operating system and up-to-date patches.
3. Reinstall your apps, especially the antivirus.
4. Recover your data files from a recent backup.
If these options aren’t available to you – especially having a recent backup – you’ll have to decide whether to pay the ransom or lose your data.
Authorities strongly advise against paying any ransoms. This is because ransom payment funds and encourages further ransomware attacks. However, it’s your data loss, so it’s your decision. Only you can calculate the impact of losing your data.
If you do pay, you’ve around a 90% chance of recovering your data. However, unless you also successfully remove the ransomware from your device there is a distinct possibility that the same attackers will hit you again.
In the next video, I’ll talk about how to deal with Ransomware if you are affected.
Other videos in this topic:
Ransomware – What is it? https://www.youtube.com/watch?v=lTBHuljwqM0
Ransomware – How to avoid it https://www.youtube.com/watch?v=nvd6RpLTW98&t=47s
Other videos you may be interested in:
How to spot scam emails – https://www.youtube.com/watch?v=LAvqvVS0e3o&t=1s