I’m infected with Ransomware. What do I do? – Ransomware Series Part 3

You’ve been infected with ransomware, you need to act quickly to save your data. 

  1. Disconnect from WiFi or unplug from the network immediately.
    You have to be off of the network so the infection does not spread to other machines or directories.
  1. Use System Restore or a backup solution to get back to a known-clean state.
    Recover your system, if possible, to the last good known state. However, you should be cautious, because some ransomwares now infects shadow files from the system restore, making it best to restore from a non-local backup method.

Don’t have a good backup file?

  1. Set the BIOS clock back. For example, if you have 72 hours to deliver the payment, this will trick the cyber-criminal about when your payment is due.  This will allow you to reduce the price on what you pay them, as well as giving you time to get some research in and resolve the infection.
  2. Download a bootable antivirus from a different clean computer and put it on a disc or an external drive.
  3. Boot into Safe Mode
  4. Connect the external drive or run the disc.
  5. Run the scan and wait for results.
  6. If a virus is found, delete it. If a virus is not found, you will probably have to re-image your computer to be safe, most likely losing everything unless your organization has Sandboxing tools available to test your files.
  7. Restart and do the procedure again to verify.

Unfortunately, the files that are encrypted will be lost unless there is an decryption tool. You can do research on a clean computer to see the type of virus that the antivirus found and verify if there is a decryption tool available from a reputable source.

If you want to learn more about how to protect yourself against ransomware, check out our Ransomware Blog Series that is updated each month.  We are also planning a webinar that summarizes all of the information from the series plus you will receive a ransomware guide for attending.  You can register to attend at the Peters & Associates Event Page.

Can’t wait for the webinar, contact Peters Security Services at 630.832.0075 or info@peters.com for a complimentary consultation.

By |2018-12-18T12:18:31-05:00January 18th, 2017|Security Solutions|Comments Off on I’m infected with Ransomware. What do I do? – Ransomware Series Part 3

About the Author:

Galaxia Martin is the Director of Support Services and she is responsible for support and security services operations within the support desk. Galaxia has worked in the IT industry for over 15 years in Financial, Accounting, and Software Development businesses. She has designed and led organizational innovations, as well as optimized and increased growth within support operations. She understands the complexity of business operations and has experience with aligning business initiatives with cost reduction solutions. As an Information Technology expert, Galaxia continues to research and study the latest technology, cyber risks, and industry trends to help educate our clients. Galaxia has a Master’s degree in Information Systems with additional studies in marketing and arts. She is an active board member for a non-profit organization called WordsonWheels that helps infants and toddlers to increase early literacy skills in high risk communities.