When Your Computer Has Been Taken Hostage: What To Do About Ransomware
April 24, 2015 Published by Rajesh Goel
A particularly vicious form of malware has grown exponentially in recent years – ransomware to be specific. This type of software restricts access to your files until a ransom is paid to its creators. Incidents have been increasing, and unfortunately some victims are resorting to paying the ransom in order to regain access. But is that the only option?
Ransomware is like most common illnesses insofar as you or someone in your company will get it; it is simply a matter of when. And like the common cold, there are plenty of “folk remedies” widely circulated, but the truth is that there is no working cure for ransomware. The best option is to expect your files to be held for ransom at some point and make appropriate preparations. By having a plan in place, you will find that an infection is little more than a hit in productivity: annoying, but survivable. Failing to prepare, however, means recovery will be expensive and may even be incurable.
Fortunately, the steps of preparation are simple. To start, you should implement full systems imaging backups. At Brainlink we backup our clients’ files a minimum of twice a day, and certain clients we backup every four hours. These backups need to be tested regularly; weekly testing of random files would be the minimum recommendation. Finally, be sure to train your staff to recognize when they have been hit with ransomware.
In addition to having a plan in the event of an infection, you can take steps to prevent an infection, too. Block advertising and social media sites at your firewall, and ban the use of Internet Explorer. Disable or minimize the use of Flash and Java on desktops. Using your best judgment, do not click on files, ads, or downloads in your email or on the internet that appear suspicious.
If you do have a computer that is infected, disconnect it from the network immediately to help prevent further damage. If you see a file named DECRYPT_INSTRUCTION.TXT, DECRYPT_INSTRUCTION.html, or DECRYPT_INSTRUCTION.url in any folders, you should note the path of the file and the encrypted files you were trying to access. Contact Brainlink at 917-685-7731 (or email firstname.lastname@example.org), and shut down your PC immediately.
Remember, although it is a threat, ransomware doesn’t have to be devastating! Make changes now to equip you staff and your business, and you’ll be glad you did.