Recently, two of our clients were the victims of an increasingly common Internet scam known as a ransomware attack. These situations typically occur when a user inadvertently or unknowingly downloads a malicious form of software that can cause a PC or network’s files to become locked, encrypted or otherwise unavailable to their authorized users. It’s typically accompanied by a demand for “ransom” which, if paid, promises to release your system and files unharmed.
Several high-profile cases have been in the news, including a couple of hospitals which ultimately paid to have their files released.
In the case of our clients, neither paid. The most effective solution, it should be noted, is to have a recent, full, off-site (or off-network) backup of your critical programs and data, which can then be restored to bring you back to, say, yesterday’s status. In one case, the client was not creating daily backups, and so had to restore a week’s worth (i.e., hundreds) of transactions through manual entry. (They’re now making sure to back up daily.)
The other client was using remote desktop access to another server that effectively provides a firewall, an added layer of protection.
The internet is loaded with information and tips, including a couple from Microsoft that we thought worth sharing below. (You can read more from Microsoft here.)
How did ransomware get on my PC?
In most instances ransomware is automatically downloaded when you visit a malicious website or a website that’s been hacked.
I cannot access my PC or my files. Should I just go ahead and pay to regain access?
There is no one-size-fits-all response if you have been victimized by ransomware. There is no guarantee that handing over the ransom will give you access to your files again. Paying the ransom could also make you a target for more malware.
How to recover your files depends on where your files are stored and what version of Windows you are using. Before you try to recover files, you should use Windows Defender Offline (a free tool from Microsoft) to fully clean your PC. You need to have turned on File History (in Windows 10 and Windows 8.1) or System Protection for previous versions (in Windows 7 and Windows Vista) before you were infected. Some ransomware will also encrypt or delete the backup versions of your files. This means that even if you have enabled File History, if you have set the backup location to be a network or local drive, your backups might also be encrypted. Backups on a removable drive, or a drive that wasn’t connected when you were infected with the ransomware, might still work.
And to circle back to our clients’ situation, perhaps the most important reminder of all: The best advice for prevention is to ensure company-confidential, sensitive, or important files are securely backed up in a remote, unconnected backup or storage facility.
An ounce of prevention always being worth a pound of cure, and all that.