How to Overcome Ransomware

Craig Pollack | Feb 27, 2018

Topics: Cybersecurity

It’s the message that no IT professional, business owner or end user ever wants to see. Your computer screen lights up with a message warning that all of your invaluable files and data have been encrypted. And, unless you pay a ransom, the message says “your data will be destroyed” in a set amount of time.

That, in a nutshell, is an example of ransomware. This malicious form of virtual attack can prey on a computer’s weaknesses (machines that are not regularly updated or patched), or may simply involve sending an email and tricking users into opening an attachment or link. Implementing a strong computer use policy to help end users understand and practice internet usage best practices can be a handy way to prevent these attacks.

According to the April 2017 Internet Security Threat Report (ISTR) by Symantec, ransomware poses one of the most significant online threats to businesses, organizations, and individuals. In 2017, one in 131 emails sent were malicious and “Attackers are demanding more and more from victims with the average ransom demand in 2016 rising to $1,077, up from $294 a year earlier.”

But, how can you tell whether your computer or network has been hit with ransomware? Let’s take a look at some of the clues that you have been compromised and what you can do about it.

Ascertain Whether Your Computer Has Been Infected

The good news is, relatively speaking, it’s fairly straightforward to tell whether your system has been affected by ransomware.

I’ve put together a list of some of the primary symptoms:

  • You suddenly can’t open your files.
  • You receive error messages stating that a file is corrupted or has the wrong extension.
  • A message containing instructions on how to unlock your files appears on your desktop.
  • A program window pops up, warning that there’s a countdown until the ransom increases or you’ll permanently lose access to your files.
  • A window opens to a ransomware program that you can’t close.
  • You discover files with names like “HOW TO DECRYPT FILES.TXT” or “DECRYPT_INSTRUCTIONS.HTML.”

What to Do If Your System Has Been Affected by Malware

Obviously, those are all bad signs. If you have seen any (or all) of the above-mentioned signs, then you need to immediately take the following actions:

Step One: Disconnect Your Computer

  1. Unplug the network cable from your computer
  2. Turn off any wireless connections (wifi, bluetooth, etc.)

Step Two: Determine the Scope of the Infection

Check again for the aforementioned signs of encryption on the following equipment and devices:

  • Mapped or shared drives (your network drives)
  • Network storage devices (NAS drives)
  • External hard drives
  • USB flash drives
  • Cloud-based storage (OneDrive, Dropbox, Google Drive, Anchor, etc.)
  • Other infected computers/workstations

Step Three: Determine the Strain of the Ransomware

As scary a thought as it may be, ransomware isn’t something new. It has been in existence in one form another since 1989 with the release of AIDS Trojan, which was transmitted via floppy disks.

So, when considering your own organization’s ransomware situation: What kind of ransomware is it? If you’re able to determine which kind of ransomware has infected your systems, then you can be better prepared for how to respond to the situation.

Some of the worst types of ransomware circulating on the Internet over the past several years have included:

Step Four: Determine Your Response

How will your company or organization react? What protocols or procedures do you have in place?

How to Recover in the Aftermath

Now that you understand the scope of the damage, it’s time to make repairs and do some cleanup work. Naturally, if you’re one of our clients, your first response should be to call FPA. We’re happy to note, though, that we haven’t had to respond to one of these situations in months because our clients are so well protected. However, if you aren’t a current client and/or your sister company gets hit, here are your options:

Option One: Restore from Backups

  1. Locate your backups
  2. Remove the ransomware from your infected systems
  3. Restore files from backups
  4. Determine how the infection gained access and address the issue (think: user training)

Option Two: Try to Decrypt Your Files Yourself

  1. Although becoming more common, this is still a relatively rare option
  2. Determine the strain and version of the ransomware
  3. Locate a decryptor and attempt to decrypt your files
  4. Determine how the infection got in and address the issue (think: user training)

Option Three: Negotiate and/or Pay the Ransom

  1. Convert funds into some form of cryptocurrency, such as Bitcoin
  2. Pay the ransom via cryptocurrency
  3. Acquire the unlock code
  4. Decrypt your files
  5. Determine how the infection gained access and address the issue (think: user training)

Option Four: Do Nothing

No one wants to have to resort to any of these options. Our FPA team would prefer that our clients didn’t have to deal with these kinds of issues at all. However, to ensure your business is as well-protected as possible against these scenarios, our preferred method is prevention.

I don’t want to sound like a broken record by repeating the same things (so I won’t). Instead, I’ve just put together a brief list of blog resources that can provide you with additional helpful and informative information:

If you are one of FPA’s Managed Service clients and you’re fully on our “FPA Stack,” our core foundational technology platform, then you are already protecting yourself. While there is no 100% guarantee of protection in the cybersecurity world, hackers are more likely to work on less protected networks than spend more time and energy trying to attack your highly-protected assets.

Be sure to share your thoughts on this topic. How do you think this information has been helpful? Let us know in the comments box below or send me an email if you’d like to discuss this in more detail.

Technology review call

Author

Craig Pollack

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 25 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best secure and leverage their technology to achieve their business objectives.

Comments