Monday, October 1, 2018
What to Do If Your Computer Is Infected with Ransomware
Ransomware has been in the news a lot lately, with big incidents involving WannaCry, Petya, and many more. The effects that they have can be devastating. They often render computers completely useless and wipe out all of the data saved on them.
While it's obviously best to avoid getting ransomware to begin with, even the safest of users can get infected. That is why it's important to know what to do once your computer does have ransomware on it.
Ransomware is called such because they either lock your computer, encrypt your files, or both and then request payment to remove it.
While you can pay the ransom in hopes of regaining access to your computer and files, it's generally recommended that you don't. The reason for this is because there's absolutely no guarantee that the hacker will ever give you the key to remove the ransomware instead of just pocketing your money and not doing anything about it. Plus, it encourages the hacker to launch more attacks towards you or your company because they know you'll pay up.
So, unless you're willing to take that risk, it's generally a better idea to not pay the ransom.
What to do once your computer is infected
If you are unfortunate enough to end up infected with ransomware, there are a few first steps you can take to try and minimize the damage it does. It is very important to follow the correct steps exactly to limit the damage that the ransomware will do.
The very first step is to disconnect the computer from any and all networks. This will not only keep the ransomware from communicating with the hacker, but it will stop it from spreading and infecting other computers. This step should be done the very second you notice that the computer is infected.
The second thing you need to do is shut down the computer completely, as this will also help keep the damage at a minimum as well as help you potentially recover your computer and its files later.
Finally, you will want to report the incident to the authorities and file a police report. This is not only a necessary legal step in order to file an insurance claim, but it could potentially give the law enforcement officers more evidence to help catch the hacker.
Removing the ransomware and recovering your files
Once you've gone through the first important steps, you have a couple options you can try in order to get your computer back. But, unfortunately, it's not easy to get your data back and there is a very good chance that it may be lost forever.
One of the best options to try is to use the System Restore tool in Windows. To do this, boot your computer back up but don't log in. From the Windows login screen, hold the shift key, click the power icon, and then select restart. It should reboot to the recovery screen.
Once you are on the recovery screen, select "Troubleshoot," then "Advanced Options," and finally, "System Restore." Follow the onscreen instructions to restore your Windows installation back to the previous state before it was infected.
If you're not able to get into the system restore screen normally, then you will need a copy of Windows installation media on either a USB drive or a disc. You'll want to boot into it and choose the "Repair" option instead of installation.
If using the System Restore option doesn't work, then you will need to install a virus scanner to a bootable USB drive or disc. Most of the big antivirus brands will have something like this. AVG, Avast, and Bitdefender all have good, reliable tools that will do the job.
Once you have your bootable virus scanner, you'll want to restart the computer and boot into the scanner in the same way that you booted into the Windows installation. From there, you can run an offline scan on your computer and it will hopefully be able to remove the ransomware for you.
If even that doesn't work, then you will need to use your Windows installation media to do a complete wipe of your computer and reinstall windows. All your data will be lost for good, but you'll have access to the computer again.
Ransomware is one of the worst forms of malware that you could possibly get. It is difficult, if not impossible, to remove and does a lot of damage. This is why It's so important to avoid getting infected with it to begin with.
To avoid ransomware in the future, you will want to make sure you keep everything up to date, particularly the typical vulnerable software like web browsers, Java, and Adobe Flash, and be sure to have a good antivirus program running on your computer at all time.
But the most important thing to do in order to avoid ransomware is to be wary of every email you see, because this is one of the most common methods hackers use to try and infect people with ransomware. Don't trust any email if you're not completely positive who sent it to you, and never download any attachments if you don't already know for sure what they are.
Most important part of ensuring that you are able to recover from an attack is maintaining a consistent and solid backup solution. If you have not evaluated how you back up, you should do it today!
As long as you follow this advice, you'll greatly reduce the chance that you end up getting infected with ransomware in the future.
Contact Bit by Bit for more information to help recover from a ransomeware attack or help with all of your technology needs. 877.860.5831 x190
What is SOC-as-a-Service? By Robert Blake Having a Security Operations Center (SOC) in-house is expensive for the average business. Large ...
A managed IT service provider (MSP) is an outsourced company that takes care of a business's technology needs. They provide various serv...
Network segmentation refers to the process of dividing a computer network into smaller subnetworks, known as segments or zones. Each segment...