What Should You Do If Your Device Has Been Infected With Ransomware?

What Should You Do If Your Device Has Been Infected With Ransomware?

Ransomware is one form of malware that’s particularly damaging. It can lock a company out of their data, bringing their business to a standstill until it can be restored.

While Canadian businesses have previously been spared the volume of ransomware attacks that other countries have seen, CBC reported an increase in these types of attacks in Canada, with a recent attack on a Toronto Dental clinic, resulting in a ransom demand of $165,000.

How a ransomware attack works begins in a similar way to other virus and malware attacks. A phishing email or malicious website injects a device with ransomware.

The ransomware encrypts all the files on the computer and seeks out connections to servers and other devices in the same network.

A message will usually display on infected systems that includes a ransom demand and how to pay it (typically requested in untraceable bitcoin). When this happens, the victim typically has three options:

  • Remove the ransomware and restore their data from a backup (if they have one)
  • Pay the ransom and hope the attacker gives them the key to decrypt the data
  • Lose all their data

In the case of the attack on the dental clinic, the ransomware spread fast, impacting files on 19 of 22 of the clinic’s computers, locking it out of most digital files. Luckily, the clinic had a backup of their data so they avoided having to pay the ransom.

The cost of ransomware last year to Canadian businesses was $2.3 billion.

Ransomware is a serious threat to network security and costs just more than the immediate cost of resolution, because it can result in hours or days of downtime.

If you find yourself the victim of a ransomware attack, there are certain steps you want to take a soon as possible to reduce the impact on your business.

Steps to Take Immediately After a Ransomware Attack

Take of Photo of the Ransom Demand

One of the first indicators of a ransomware attack is the ransom note that appears on the device screen. It’s important to take a photo of this in case something causes it to disappear. The details on the note will help an IT specialist identify the type of ransomware that has infected your system. 

Additionally, the note contains the instructions on how to pay the ransom, should you decide you have to.

Disconnect the Infected Computer From all Network Connections 

Ransomware seeks out other files that it can infect. This includes other devices connected to the same network and cloud file storage systems that the device may be synching to.

You want to completely disconnect the device from all network connections, including the internet connection that allows it to sync with cloud services.

Check All Other Devices & Storage

Next, you need to see how far the ransomware has spread. Check all other devices on your network, including computers, mobile devices, and servers, to see if any of them are also infected. If they are, follow the same procedure above to disconnect from the network.

Using a non-infected device, check your cloud storage or backups that were connected to an infected device to see if any have been impacted by the ransomware. 

Call in an IT Professional

You don’t want to try to remove the ransomware yourself, or you could end up losing the ability to access your files if you need to pay the ransom.

An IT pro will be experienced with business continuity and disaster recovery and can walk you through the next steps involving file recovery and removal of the malware.

Decide on Backup Restoration or Ransom Payment

Ideally, you don’t want to have to pay a ransom to restore your files. It only emboldens the attacker to continue with more attacks and you have no guarantee that they’ll actually hold up their end of the bargain.

The ideal situation is to have a full backup of all your files so that an IT pro can remove the ransomware from your devices and restore your files.

However, if you haven’t properly backed up files, then the ransom may be your only option to getting your files back. You want to decide which path you’re taking before doing ransomware removal, because if it’s removed, then any decryption key an attacker gives you may not work.

Protect Yourself from Future Attacks

One of the things that an IT professional will do when helping you handle a ransomware attack is to learn how it happened so they can guide you in preventing it again in the future.

Companies can be vulnerable to ransomware for a number of reasons:

  • Employees aren’t well trained on phishing awareness
  • Devices don’t have updates applied in a timely manner
  • Poor password security that lets a hacker in

An IT pro will help you put protections in place to safeguard your network from a future attack consisting of ransomware of other types of malware.

Can Your Network Withstand a Ransomware Attack?

Haxxess can perform a full network cybersecurity assessment to ensure your Sudbury area business is fully protected from ransomware and other attacks.

Contact us today to schedule a free consultation! Call 705-222-8324 or reach out online.

stay in touch

Subscribe to our newsletter and we'll keep you informed about latest IT news.