How to Deal with a Ransomware Attack


Tech Insights for Professionals: The latest thought leadership for IT pros

Thursday, October 5, 2017

Ransomware is a growing IT security threat, and there’s a lot being done to prevent it. However, what can you do if you fall victim to this malicious software?


One of the major problems in IT security at the moment is ransomware. This form of cyberattack involves a program that locks your computer and encrypts your data so you can no longer access it. To get it back, users are asked to pay a ransom to the cybercriminals.

This is growing in severity, as more criminals turn to this method of cyberattack. As such, IT professionals need to be aware of what to do should they or their business fall victim to ransomware. Here is a step-by-step guide to dealing with this type of threat.

Step one: Disconnect your computer

It sounds like an easy answer, but one of the best things you can do if you notice you are under attack by ransomware is simply turn off your machine and disconnect it from the network it's on. Christopher Budd, global threat communications manager at Trend Micro, says this could stop the attack in its tracks.

Perhaps more importantly for large businesses, this will also stop the ransomware program from spreading to other computers connected to the same network. The last thing you want is multiple cases to deal with at the same time.

Step two: Call law enforcement

Jason Glassberg, cofounder of Casaba Security, told Business Insider UK that the first thing you should do is call the police. After all, infecting a computer with ransomware is a crime and law enforcement should be made aware of it. They may not be able to do much, but it will help build up a larger picture of the ransomware situation, which will help prepare for future attacks.

Step three: Don't pay the ransom

Unfortunately, there is no guarantee you are going to get your data back in the case of a ransomware attack. The encryption that cybercriminals use to lock your information almost always requires a specific key to decrypt, and without that key it can be nearly impossible to recover the data on your machine.

However, giving in and paying the ransom is not the answer. FBI Cyber Division assistant director James Trainor points out that all this will do is fund more illegal activity. He said:

"Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity."

Furthermore, it doesn't even guarantee access to your data. Mr Glassberg entreats businesses to remember that you're dealing with criminals, adding: "They may not honor their promise to remove the ransomware or they may re-infect the network again soon afterward."

Step four: Contact an organization that can help

There are plenty of ways to remove ransomware from your computer, but without the relevant encryption keys your data may be lost forever unless you have it backed up. However, in some cases there are organizations that can help.

One example is the No More Ransom project, which has access to a number of ransomware decryption tools for certain iterations of the software. There are no guarantees, but if you have a form of ransomware that is not particularly current it might be possible to recover your information.
