If youu2019ve just had a message appear on your computer screen saying that your files have been encrypted (locked) and you need to pay a ransom to get them back, hereu2019s what to do next:
- If yours is a work computer connected to a network of other computers, UNPLUG THE BLUE NETWORK CABLE OR POWER CORD IMMEDIATELY. This may stop the process of file encryption from going any further than it already has.u00a0 With Ransomware attacks, any files and folders you have access to on the network, will be accessible to the attacking cyber criminals unless you stop their access quick enough by disconnecting from your network.
- Take a picture of the ransom notice on your screen with your smartphone or a camera. This can be used when filing a police report later, especially if you decide to make an insurance claim.u00a0 This also helps authorities keep track of such attacks.u00a0
- Advise your IT support people on what has happened. They can then investigate to verify whether any files or folders on your Server (or in the cloud) have indeed been encrypted.u00a0 If so, they will need to be restored from the latest data backup. They will need to confirm first, however, that your backup files have not also been encrypted. u00a0
- As for any files stored locally on your computer, be sure the blue network cable remains disconnected, and re-connect the power cord (if it was disconnected in step 1), turn it on, log-in and start to review your local files and folders to see what you have access to and what has been encrypted. If you have a backup of locally stored files, you can restore encrypted files from the last copy.u00a0 If not, there are tools available that may be able to reverse the file encryption, but you would need to know which strain of encrypting ransomware youu2019re dealing with.u00a0 Otherwise, consider those files lost, unless you decide to pay the ransom. u00a0u00a0u00a0
Note that paying ransoms is not recommended by law enforcement agencies since this only encourages the cyber criminals.u00a0 They may even attack you again down the road, since they were successful the first time.u00a0 Also remember that these are criminals; just because you pay the ransom doesnu2019t mean they will be honest and indeed unlock your files.u00a0 They may ask for more payment before they do, or they may not un-lock them at all.
Most Ransomware attacks are a result of clicking on malicious email links or attachments, disguised as being legitimate.u00a0 u00a0The best defence against this type of attack is regular testing and training to keep employees on their toes.u00a0
BSC Solutions Group offers a world-renowned, effective, IT Security Awareness Testing & Training Service that addresses these types of attacks.u00a0 Call us today for more details.u00a0