Ransomware attacks, where cyber hackers hold your systems and data hostage until you pay a ransom, have been increasing in popularity recently and are even making major headlines in the news. The malicious software will prevent end users from accessing systems, encrypt files and even stop certain applications from running. Ransomware is pretty nasty stuff, folks.
Ways to Prevent Ransomware
- Install, update and use antivirus software. An often overlooked mistake in antivirus configuration is allowing end users the ability to disable antivirus functions on their workstations, make sure that isn’t occurring.
- Don't rely on antivirus solutions alone; consider installing advanced protection such as Microsoft’s EMET - which is free. While the antivirus looks for known viruses and their signatures, tools like EMET will anticipate and identify malware behaviors and nip them in the bud. This helps protect against unknown or zero-day malware.
- Ensure that your users are trained on how to detect and prevent phishing attacks. Test your employees on a regular basis to ensure that the training continues to be effective.
- Don't plug unknown devices or USBs into your workstations.
- Make sure that your systems are backed-up completely and routinely. This crucial security measure will allow you to revert back to a known ransomware-free state in the case of an attack.
What to do if Ransomware Affects You or Your Systems
So should we all just give in and pay the ransom? Keep in mind, there is no guarantee that paying the ransom or doing what the ransomware tells you to do will give you access to your PC or files again. We generally recommend against doing this if at all possible. If you have paid a ransom, we recommend that you contact your bank to see if funds can be recovered. We also recommend reporting the incident to federal authorities through your local FBI field office.
Tools and methods to recover from ransomware are unique to each instance, but here are a few things you can try:
- Enter Windows’ Safe Mode and run an on-demand virus scanner to root out the ransomware.
- If you can’t enter Safe Mode try a bootable antivirus scanner that is available from most antivirus manufacturers.
- Try a system restore procedure to roll back your Windows machine to a previous point in time. This doesn’t affect personal files, only system files and programs. To do this Windows Restore must be enabled.
- If your files were encrypted through a variant of ransomware that will do this, you’re in trouble. The only way to decrypt the data is with the encryption key, which only the hacker knows. This is why it is very important that your most critical data is backed up on a regular and very frequent basis. If all of your critical files are indeed backed up, you can proceed by removing the ransomware and then simply restoring your backed-up files.
Please join us on March 31, 2016, at 3pm ET, as we host the first ever Schneider Downs Twitter chat to talk about this important topic. You can join in the conversation by following #SDTechChat. Chris Debo, Technology Senior Manager, will be our moderator as we aim to bring awareness about the issue of ransomware. Be sure to follow us on Twitter for the latest news and updates!