It’s a typical weekday morning. You begin reading emails on your laptop while the coffee brews. One email contains an unexpected business opportunity. The email closes with a request for you to “download the document to view the full proposal.” Before you can stop yourself, you click the link, and immediately a picture like the one above takes over your screen.
Nothing can bring your day to a screeching halt quite like ransomware. This highly malicious form of malware can be defeated, however. So if you’re the victim of a ransomware attack, here are a few steps you should take to get your computer healthy again.
The Clock Is Ticking
First, it’s important to know that you may have a limited time to recover your files. The attackers behind ransomware might demand a quick payment before freeing your computer files. For example, WannaCry typically demands that the affected user pay $300 in bitcoin. If the victim doesn’t pay within three days, the amount doubles. If the ransom is not paid within a week, the computer files are deleted.
Many organizations, including the FBI, urge you not to pay the ransom. They argue that paying the ransom will simply open you up to future attacks. Paying also will encourage the attacker to target others. That said, it’s your choice whether to pay or not. You must determine how important the files are to you. Also, there’s no guarantee that you’ll get your files back even if you do pay. Hackers are not exactly reputable businessmen.
Prevent Further Immediate Attack
While you ponder the value of your files, you should be disconnecting the infected device from all networks. Pull out the Ethernet cord. Shut off the Wi-Fi. Power down the computer. (But take a picture of the ransom note first.)
One infected device can spread to others, creating a dangerous domino effect that could eventually cripple everything on the network.
Seek the Experts
After you’ve disconnected from any network, it’s time to get in touch with the authorities. Contact your local police station or FBI field office. You also are encouraged to report the incident on the FBI’s Internet Crime Complaint Center website.
There are different variants of ransomware. The authorities may be able to tell you which version is on your computer. If you know which version of ransomware you’re infected with, you might be able to decrypt your encrypted files.
You may be able to figure this out yourself by going to the No More Ransom website. Once there, simply input the website address shown in the ransomware demand you received.
Restore Your Files
Here’s the hard truth: you’re probably not going to be able to get back all of your files. But security experts have created some helpful tools. These decryptor programs are your best bet besides paying the ransom.
Search engine results for “ransomware decryptor” will show you possible solutions from companies you’ve probably heard of, such as Cisco. Many ransomware decryptors are free! It doesn’t hurt to try them first. If that fails, you can contact one of the companies that offer professional ransomware file-restoration services.
Make Ransomware Disappear
Do you have an anti-malware program? If not, make sure you download one. Now’s the time to execute a deep-dive search for malware on your computer. With any luck, the anti-malware program will find the ransomware files that have been causing so many problems. At this time, you should follow the recommendations of your anti-malware program to remove the ransomware.
Your safest bet is to do a complete wipe of your computer by reinstalling your operating system. For the WannaCry example, you may need an installation CD, depending on your version of Windows. Windows 10 includes a factory reset option. Completely wiping your computer means it will likely be malware free; however, you should still run an anti-malware program once you get back up and running.
Resetting your computer to factory settings will mean the loss of any saved files, including those infected by ransomware. In the end, however, it’ll give you a fresh start.
Lessons Learned
It’s impossible to predict when ransomware, or any type of malware, may strike. This is why it’s so important to back up your files. Having copies of your data, knowing you’re prepared for a cyberattack or some other catastrophic failure, will put you at ease.
Another lesson is to be overly cautious when downloading email attachments. This is especially true when the sender is someone you don’t know. How can you tell if the attachment is malware? Focus your attention on the file extension. For example, .docx is a document. The .docm extension is also a document; however, it may contain macros which could be infected with malware.
If you receive an email like the one in our earlier example, and the attachment is a zip file, you probably shouldn’t open it. Here’s a not-so-fun fact: antivirus programs cannot scan zip files! They can be scanned only after being decompressed. And if you extract malware to your computer, it may be too late. Instead, upload the zip file to a website such as VirusTotal. VirusTotal will determine whether it contains any malware or not. It’s always a good idea to double check. It could mean the difference between keeping or losing your most valuable files.
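Here is one way to apply both checks above (the file extension and the zip attachment) before anything is opened. This is an added example, not code from the original article; the function names, the extension list and the sample file are assumptions. It goes one step beyond the extension advice: a .docx or .docm file is itself a zip container, so the script also looks inside for a VBA macro part, which catches a macro document that has been renamed.

```python
import hashlib
import io
import os
import zipfile

# Assumed list: the macro-enabled types the article warns about, plus common executables.
RISKY_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".exe", ".scr", ".js", ".vbs"}


def has_vba_macros(data: bytes) -> bool:
    """True if data is an Office document (itself a zip) carrying a VBA project."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as doc:
        return any(n.lower().endswith("vbaproject.bin") for n in doc.namelist())


def triage_zip(data: bytes) -> dict:
    """Inspect a zip attachment in memory; nothing is written to disk or opened."""
    report = {"sha256": hashlib.sha256(data).hexdigest(), "findings": []}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            name = info.filename
            ext = os.path.splitext(name)[1].lower()
            if ext in RISKY_EXTENSIONS:
                report["findings"].append((name, f"risky extension {ext}"))
            if info.flag_bits & 0x1:  # bit 0: member is password-encrypted
                report["findings"].append((name, "encrypted, cannot inspect"))
            elif has_vba_macros(archive.read(name)):
                report["findings"].append((name, "contains VBA macros"))
    return report


def build_sample_attachment() -> bytes:
    """Constructed sample: a zip holding a harmless stand-in for a macro document."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as doc:
        doc.writestr("word/document.xml", "<w:document/>")
        doc.writestr("word/vbaProject.bin", b"placeholder bytes, not real VBA")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as archive:
        archive.writestr("proposal.docx", inner.getvalue())  # macros behind .docx
        archive.writestr("readme.txt", "Please see the attached proposal.")
    return outer.getvalue()


if __name__ == "__main__":
    result = triage_zip(build_sample_attachment())
    print(result["sha256"], *result["findings"], sep="\n")
```

The SHA-256 value in the report can be searched on VirusTotal, which checks the file against existing results without you having to extract it.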

