Damage Control When Ransomware Hits Your Company PCs
Every one of us is aware of how severe a ransomware attack can be, and most of us are aware of the consequences of such attacks. But few of us know what to do in the event of one to fix the PCs and the network they are on. The following is crucial information for any IT security specialist, or for you if you run a small company and are in charge of your own computers.
Steps to Take
So, you know for certain that your network has been attacked by ransomware, and now the countdown begins. You only have so long to fix this, so the first thing to do is find out how many of the PCs on the network have been affected. These must be isolated, and network sharing of drives must be disabled. The next step is to look at your file servers to find out how far the infection has spread. Look out for files with extensions like .locky, .zepto and .cry, as these indicate files that have been newly encrypted and will give you an idea of how far things have gone.
Next, determine who first reported the infection, as this could narrow down your search for the source.
Have a look at the properties of an infected file to see who owns it. If nothing else, you will know who the target was or who clicked the link that brought the ransomware down.
Now it’s time to get all users who may be impacted off the network so that you can start doing some damage control. This is when you will find out where the infection started and can alert users who have not been infected to the possibility.
If you can find the source and stop it before it spreads, do it, but you only have minutes – that’s how long it takes for ransomware to take over and lock down a computer, and it will not be long afterward that the entire network could be infected.
Download a free decryption tool (only a reputable one) that works on the strain of ransomware you have. If there isn’t one, you will need to perform a restore from your backed-up files. In any event, if you are at all unsure, call in a professional.
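The file-server sweep and ownership check described in the steps above can be scripted. The following is an added example, not part of the original article: it walks a share read-only, lists files with the extensions named above oldest-first, and counts hits per owner and per folder. The function names are hypothetical, and the owner lookup relies on the local account database, so it returns "unknown" on Windows or for unmapped accounts.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone
from pathlib import Path

# Extensions named in the article; extend with the strain you are facing.
ENCRYPTED_EXTS = {".locky", ".zepto", ".cry"}

def file_owner(path):
    """Return the owning account name, or 'unknown' where it cannot be resolved."""
    try:
        return path.owner()
    except (NotImplementedError, KeyError, OSError):
        return "unknown"  # e.g. Windows, or a uid with no local account

def scan_share(root):
    """Walk root read-only and return one record per encrypted-looking file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.suffix.lower() not in ENCRYPTED_EXTS:
                continue
            try:
                mtime = p.stat().st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            hits.append({"path": str(p), "owner": file_owner(p), "mtime": mtime})
    return sorted(hits, key=lambda h: h["mtime"])  # oldest first

def summarize(hits):
    """Return (earliest hit, per-owner counts, per-directory counts)."""
    if not hits:
        return None, Counter(), Counter()
    owners = Counter(h["owner"] for h in hits)
    dirs = Counter(os.path.dirname(h["path"]) for h in hits)
    return hits[0], owners, dirs

if __name__ == "__main__":
    first, owners, dirs = summarize(scan_share(sys.argv[1] if len(sys.argv) > 1 else "."))
    if first:
        ts = datetime.fromtimestamp(first["mtime"], timezone.utc).isoformat()
        print(f"earliest: {first['path']} owner={first['owner']} at {ts}")
    for label, counts in (("dir", dirs), ("owner", owners)):
        for key, n in counts.most_common(10):
            print(f"{n:6d}  {label} {key}")
```

The earliest hit and the folder with the most hits point toward where encryption began; the owner counts show whose account wrote the encrypted files.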
Prevention is Better Than a Cure
Any business can steer clear of ransomware by putting a defense in place. For a start, training your employees to identify dodgy emails, bad websites, phishing attacks and possible attempts to deliver ransomware can benefit the company significantly. Educated staff are less liable to click bad links.
Make sure your systems and data are backed up daily – by doing so you can ignore any ransomware demands and simply restore your systems. Make sure your data is backed up offline – some ransomware can attack backups done on cloud servers so keep a complete backup on a system that is disconnected from the network.
Lastly, keep your systems up-to-date and remove any unwanted files and applications. Only allow staff access to those that they need – this limits the chances of ransomware and other viruses spreading, making them easier to deal with.