"The concept behind ransomware, a well-known form of malicious software, is quite simple: Lock and encrypt a victim’s computer data, then demand a ransom to restore access. In many cases, the victim must pay the cybercriminal within a set amount of time or risk losing access forever. And since we’re dealing with criminals here, paying the ransom doesn’t ensure access will be restored.Source - Norton

You will find that a lot of the ransomware programs rename your files, and in most cases even if you pay the ransom your files may be returned to you with a different name than what they had before. This may not seem like such a big deal if its something like a word document that you can easily open to verify what it is BUT if it is a special file used by a program or even a database file you may never know what it is or where it is meant to go.

How do you protect against ransomware?

Maintain good anti-virus such as ESET Internet Security, if you do have an anti-virus make sure the license has not expired and it is always up to date on virus definitions.

Practice safe internet procedures like never opening a weird file attachment from someone that sends you an email unless you trust that person. 

Stay away from any email attachments with a .exe or .zip file attachment as these are often malicious.

What should I do if I get hit with ransomware?

We can't tell you to pay OR not pay the ransom. Unfortunately, that is on you. But there is no guarantee the criminals will return your files if you do pay. OR that the files will be useable when they do return them.

Your best bet is to maintain good security and have air gapped backups.

What is an air gapped backup?

These malicious ransomware programs usually seek out all connected flash drives, network drives and computers and try to infect them. So there is a good chance that once you are hit all of your connected devices are compromised.

As most people tend to leave their backups or network storage plugged in at all times this means your backups are toast.

If you have a cloud backup it may be okay BUT if it is set to automatically run it might simply upload the encrypted ransomware files to your cloud, and then good luck trying to sort out what is a good backup and what is malicious.

The recommended solution at least from Regal Computer Services is to maintain regular backups to a device that you plug in ONLY to do a backup and then unplug immediately after the backup is completed. 

This minimizes the potential for infection.

How to restore my computer from backup?

Sadly you will need to disconnect your computer and all other networked devices from your network, replace the hard drive in the infected computer (and every other suspected computer) with a new clean drive THEN proceed to restore the backup from the air gapped device.

If you fail to disconnect a network/usb device that is infected you run the risk of having the ransomware transfer back to your computer AND/OR compromise your backups.

There is a lot that can go wrong in all of the above scenarios which is why you may want to call an IT professional, such as Regal Computer Services to help you through the process or arrange air gapped backups for you on a monthly contract.

Need IT Help ?

Contact 765 602 4676