Nettitude Blog

Ransomware - What to do if your device is infected

Posted by Amy Tuck on Apr 26, 2018 11:12:42 AM

We recently looked at what to do to avoid becoming a victim of ransomware. But sometimes, even if your employees are trained to the highest standard and you have the right technology installed, ransomware can still slip into the network. It's important to know what to do if you suspect you've fallen victim to a ransomware attack on both an individual and organizational level. 

Firstly, let's recap what we talked about in the last blog, Ransomware - how not to be a victim. How can you tell if you've been infected with ransomware? Let's look at the clues:

  • You can't access the files on your device, and if you do try to access them you see corruption or error messages preventing you from opening them.
  • The ransomware warns you of a countdown for payment, with the payment increasing.
  • Files appear in all directories with names like HOW TO DECRYPT FILES.TXT or DECRYPT_INSTRUCTIONS.HTML.

Incident Response

Just like with any other cyber attack, you'll want an incident response plan and team on hand to deal with the situation. If you suspect your device has been infected with ransomware, alert the incident response team immediately.

If you're part of the incident response team you want to have the technology and ability to detect ransomware and conduct an initial analysis of what it is, and how it has gained access to your device and files. After the initial tests it's important that you eradicate the ransomware and complete a full backup to restore your files. 

After the ransomware has been removed from the device, it's important to conduct further tests to find out how it was able to exploit your systems. You'll need to look at the technology, people and processes that are in place within your organization and take steps to strengthen and patch them to avoid future breaches.

What else can you do?

Use antivirus software to protect your system from ransomware.

  • Anti-virus vendors often rely on static signatures (hashes) to identify malware, including ransomware.
  • Ransomware writers automatically generate many copies daily and AV vendors often can’t keep up.

New approach: CryptoDrop is a new security tool that monitors data and alerts the user when it notices data being transformed from useful formats to unrecognizable types.

  • Regardless of how a sample of ransomware tries to encrypt the file, CryptoDrop will stop the process.
  • It doesn't have to see your particular strain before it can stop it.
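The clues listed earlier (ransom-note files in every directory, files that no longer open) and the "useful format to unrecognizable type" idea can both be checked with a short triage script. This is an added example, not CryptoDrop's code or Nettitude's: the function names, the magic-byte table and the 7.5 bits/byte threshold are assumptions, and the sample files are constructed.

```python
import math
import os
import tempfile
from collections import Counter

# Ransom-note names taken from the indicators listed in the post.
NOTE_NAMES = {"HOW TO DECRYPT FILES.TXT", "DECRYPT_INSTRUCTIONS.HTML"}
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".docx": b"PK\x03\x04"}  # assumed subset

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def looks_transformed(path: str, threshold: float = 7.5) -> bool:
    """True if a known file type lost its header and now reads as random bytes."""
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is None:
        return False  # unknown type: no expected header to compare against
    with open(path, "rb") as fh:
        head = fh.read(4096)
    return not head.startswith(magic) and entropy(head) >= threshold

def triage(root: str) -> dict:
    """Walk root and collect ransom notes and files that look transformed."""
    report = {"notes": [], "transformed": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.upper() in NOTE_NAMES:
                report["notes"].append(path)
            elif looks_transformed(path):
                report["transformed"].append(path)
    return report

def demo() -> dict:
    """Run triage over a constructed sample tree; return flagged basenames."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "report.pdf": b"%PDF-1.4\n" + b"plain text body " * 200,  # intact file
            "scan.pdf": os.urandom(4096),  # header gone, content looks random
            "DECRYPT_INSTRUCTIONS.HTML": b"<html>constructed note</html>",
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return {k: sorted(os.path.basename(p) for p in v) for k, v in triage(root).items()}

if __name__ == "__main__":
    print(demo())
```

Entropy on its own would also flag legitimately compressed files such as .docx or .png, which is why the check requires the expected header to be missing as well.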

If you think your device has been infected with ransomware, or you'd just like a little more information, please contact us today.

About Nettitude

Nettitude is the trusted cyber security provider to thousands of businesses around the world. We stop at nothing to keep your data and business secure in an age of ever-evolving cyber threats.

In 2018, Nettitude became part of Lloyd’s Register, an 8,000 person strong professional services organisation, with 300 years of heritage in safety and risk management. Nettitude now provides true global coverage, through a network of over 180 offices strategically placed around the globe.
