I’m infected with Ransomware. What do I do? – Ransomware Series Part 3

Jan 18, 2017 | Security

You’ve been infected with ransomware, and you need to act quickly to save your data.

  1. Disconnect from WiFi or unplug from the network immediately.
    You have to be off the network so the infection does not spread to other machines or directories.
  2. Use System Restore or a backup solution to get back to a known-clean state.
    Recover your system, if possible, to the last known good state. Be cautious, however: some ransomware now infects the shadow files used by System Restore, so it is best to restore from a non-local backup.
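
One way to script the two steps above on a Windows machine, as an added example that is not part of the original post: it takes the active network adapters offline, then lists whichever shadow copies and restore points still exist. It assumes an elevated Windows PowerShell 5.1 session on a client edition of Windows.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): isolate the machine, then
# check what local restore data survived before relying on System Restore.

# Step 1: take every active adapter (wired, WiFi, virtual) offline.
$active = Get-NetAdapter | Where-Object { $_.Status -eq 'Up' }
foreach ($nic in $active) {
    Disable-NetAdapter -Name $nic.Name -Confirm:$false
    Write-Output "Disabled adapter: $($nic.Name)"
}

# Confirm nothing is still connected before going further.
$stillUp = @(Get-NetAdapter | Where-Object { $_.Status -eq 'Up' })
if ($stillUp.Count -gt 0) {
    Write-Warning "Still connected: $($stillUp.Name -join ', '). Unplug the cable or switch off WiFi."
}

# Step 2: list the local restore data that is still present.
# Some ransomware removes or tampers with these, so empty results are a signal.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
$points  = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)

if ($shadows.Count -eq 0 -and $points.Count -eq 0) {
    Write-Warning 'No shadow copies or restore points found. Restore from a non-local backup.'
}
else {
    # Volume shadow copies, oldest first.
    $shadows | Sort-Object InstallDate |
        Select-Object InstallDate, VolumeName, ID |
        Format-Table -AutoSize | Out-Host

    # System Restore points with a readable creation time.
    $points |
        Select-Object SequenceNumber, Description,
            @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } |
        Format-Table -AutoSize | Out-Host

    Write-Output 'Local restore data exists. Prefer a non-local backup if you have one.'
}
```

The adapters stay disabled across reboots until they are turned back on with `Enable-NetAdapter`, which should wait until the machine has been cleaned or re-imaged.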

Don’t have a good backup file?

  1. Set the BIOS clock back. For example, if you have 72 hours to deliver the payment, this will trick the cyber-criminal about when your payment is due. This will allow you to reduce the price you pay them, and it gives you time to do some research and resolve the infection.
  2. Download a bootable antivirus from a different clean computer and put it on a disc or an external drive.
  3. Boot into Safe Mode.
  4. Connect the external drive or run the disc.
  5. Run the scan and wait for results.
  6. If a virus is found, delete it. If a virus is not found, you will probably have to re-image your computer to be safe, most likely losing everything unless your organization has sandboxing tools available to test your files.
  7. Restart and do the procedure again to verify.

Unfortunately, the files that are encrypted will be lost unless there is a decryption tool. On a clean computer, you can research the type of virus that the antivirus found and check whether a decryption tool is available from a reputable source.

