LRQA Nettitude Blog

Ransomware - What to do if your device is infected

Posted by Amy Tuck on Apr 26, 2018 11:12:42 AM

We recently looked at what to do to avoid becoming a victim of ransomware. But sometimes, even if your employees are trained to the highest standard and you have the right technology installed, ransomware can still slip into the network. It's important to know what to do if you suspect you've fallen victim to a ransomware attack on both an individual and organizational level. 


Firstly let's recap what we talked about in the last blog, Ransomware - how not to be a victim. How can you tell if you've been infected with ransomware? Let's look at the clues:

  • You can't access the files on your device and if you do try to access them you see corruption or error messages preventing you from opening them. 
  • The ransomware warns you of a countdown for payment and payment increases
  • Files in all directories with names like: HOW TO DECRYPT FILES.TXT or DECRYPT_INSTRUCTIONS.HTML

Incident Response

Like any other cyber attack, you'll want an incident response plan and team on hand to deal with the situation. If you suspect your device has been infected with ransomware then you'll want to alert the incident response team immediately. 

If you're part of the incident response team you want to have the technology and ability to detect ransomware and conduct an initial analysis of what it is, and how it has gained access to your device and files. After the initial tests, it's important that you eradicate the ransomware and complete a full backup to restore your files. 

After the ransomware has been removed from the device, it's important to conduct further tests to find out how it was able to exploit your systems. You'll need to look at the technology, the people and process that are in place within your organization and take steps to strengthen and patch them to avoid future breaches. 

What else can you do?

Use antivirus software to protect your system from ransomware.

  • Anti-virus vendors often rely on static signatures (hashes) to identify malware, including ransomware.
  • Ransomware writers automatically generate many copies daily and AV vendors often can’t keep up.

New approach: CryptoDrop is a new security tool that monitors data, alert the user when it notices data being transformed from useful formats to unrecognizable types.

  • Regardless of how a sample of ransomware tries to encrypt the file, it will stop the process.
  • And doesn’t have to see your particular strain before it can stop it.

If you think your device has been infected with ransomware, or you'd just like a little more information please contact us today. 

Subscribe Here!

About LRQA Nettitude

LRQA Nettitude is the trusted cyber security provider to thousands of businesses around the world. We stop at nothing to keep your data and business secure in an age of ever-evolving cyber threats.

Recent Posts

Posts by Tag

See all