We recently looked at what to do to avoid becoming a victim of ransomware. But sometimes, even if your employees are trained to the highest standard and you have the right technology installed, ransomware can still slip into the network. It's important to know what to do if you suspect you've fallen victim to a ransomware attack on both an individual and organizational level.
Firstly let's recap what we talked about in the last blog, Ransomware - how not to be a victim. How can you tell if you've been infected with ransomware? Let's look at the clues:
- You can't access the files on your device and if you do try to access them you see corruption or error messages preventing you from open them.
- The ransomware warns you of a countdown for payment and payment increases
- Files in all directories with names like: HOW TO DECRYPT FILES.TXT or DECRYPT_INSTRUCTIONS.HTML
Just like with any other cyber attack you'll want an incident response plan and team on hand to deal with the situation. If you suspect your device has been infected with ransomware then you'll want to alert the incident response team immediately.
If you're part of the incident response team you want to have the technology and ability to detect ransomware and conduct an initial analysis of what it is, and how it has gained access to your device and files. After the initial tests it's important that you eradicate the ransomware and complete a full backup to restore your files.
After the ransomware has been removed from the device, it's important to conduct further tests to find out how it was able to exploit your systems. You'll need to look at the technology, the people and process that are in place within your organization and make steps to strengthen and patch them to avoid future breaches.
What else can you do?
Use antivirus software to protect your system from ransomware.
- Anti-virus vendors often rely on static signatures (hashes) to identify malware, including ransomware.
- Ransomware writers automatically generate many copies daily and AV vendors often can’t keep up.
New approach: CryptoDrop is a new security tool that monitors data, alert user when it notices data being transformed from useful formats to unrecognizable types.
- Regardless of how a sample of ransomware tries to encrypt the file, it will stop the process.
- And doesn’t have to see your particular strain before it can stop it.
If you think your device has been infected with ransomware, or you'd just like a little more information please contact us today.