So, you’re already familiar with the best ways to protect your business from ransomware, the vicious form of malware that encrypts all your files and demands a ransom to regain control of them. But what exactly happens if your machine does get infected? And what should you do in response? These are excellent questions; we’ve helped countless clients with their network security.
Usually, when someone is infected with ransomware, they don’t know exactly what’s going on. So they contact their provider noting that they keep receiving an error message when trying to open documents. They may also mention an unfamiliar file named “How to Decrypt Your Files” (or something to that effect). These are the telltale signs that your machine has been hit with ransomware.
How people get the virus
The single most common way PCs get infected with ransomware is through email. Someone will receive a message that appears to be urgent — a phony invoice, for example — and they’ll be compelled to open it.
They haven’t been infected just yet, however; the actual infection occurs when the recipient opens a link or attachment that the email urged them to look at.
Ransomware also affects people on both familiar and unfamiliar websites that have been infused with malware code. We even see attacks happen through Facebook, as friends’ accounts become compromised and post links to “hilarious videos” and other kinds of clickbait.
That single, impulsive click leads countless users to lose control of their text documents, spreadsheets, pictures, videos, and other personal/business files.
What to do if you get ransomware
If you’re a victim of ransomware, it is very important that you turn your computer off and disconnect it from all networks to minimize damage. This particular form of malware will pervade your systems and encrypt anything the infected machine is linked to, including external drives and backups.
If you do have a backup that hasn’t been compromised, you should be able to restore your machine to a point before the attack occurred. Unfortunately, if you do not have a backup, those encrypted files are gone unless you pay the ransom.
Should your company pay ransomware demands?
We understand; your invaluable data is looking more and more distant as time goes on, and you want nothing more than to regain control of your documents. You know you should have had a disaster recovery plan and a backup in place for this exact situation, but you don’t, so you’re tempted to pay thousands of dollars to get your stuff back. Don’t do it.
Yes, paying the ransom usually works. In fact, many hackers even have international, toll-free numbers you can call for technical support in case there’s an issue with your decryption.
Nonetheless, payment is not recommended for several reasons:
- Your organization becomes a target when hackers know you’re willing to pay ransom for your files.
- The decryption files/software that you’re given after payment oftentimes include more malware!
- Paying ransom perpetuates this illegitimate activity, as hackers make huge profits off of your distress.
Certain types of organizations — hospitals — are common targets of ransomware because they are prone to paying ransom fees in order to become operational as soon as possible. Because of this, hackers look to them as a reliable source of income.
Removing the malware from your machine
Most ransomware can be removed with regular anti-virus software (or ransomware-specific cleaners). You won’t have ransomware anymore -- and may be able to use your computer to some extent – but this will not decrypt your compromised files; it will only remove the active virus from your machine. However, it is very important that you have a professional take a look to be sure the malware is completely gone; these types of viruses are always changing and adapting to stay hidden.
Ransomware is one of the most troublesome viruses you can get. Safeguard your network with a backup, establish a disaster recovery plan with your provider, and save yourself from having to deal with the “to pay or not to pay” dilemma.