Ransomware: Recovering From An Attack
Business Technology | December 27, 2016
We’ve all experienced it at some point: our workstation starts behaving strangely; we’re suddenly bombarded with pop-up windows; certain programs operate poorly. When these things happen, it can be tough to pinpoint the cause. In this post we’ll examine some of the key signs that indicate you’ve probably been hit by ransomware. More importantly, we’ll show you how to recover from an attack.
SIGNS AND SYMPTOMS
After ransomware has worked its way through your system, you may notice some of these symptoms: files stop working; programs function poorly; your folders contain text files explaining the nature of the ransomware attack; or your virus protection software identifies a problem but is unable to fix it. Apart from the note dropped in your folders, none of these signs on its own necessarily indicates ransomware. But, together, they strongly indicate that you’ve become a victim. So what’s next?
DIAGNOSIS AND TREATMENT
More often than not, you will be able to tell which workstation is infected, including who was logged in at the time, because the encrypted files will show “last modified by” details. When you find the infected system, focus your efforts there. Begin by exploring this workstation, looking for evidence in the documents folder and in the network home directory. This is extremely important because, as we’ve mentioned in a previous post, the malicious software will have access to every file for which the user has permissions.
While it may have failed initially, it is worthwhile to run an anti-virus scan and malware scan. This is done for two reasons. First, this will hopefully track down the location of the malware program that has commandeered the computer and will allow you to stop the program. Second, doing this will reveal whether or not any other systems or files were affected. If that’s the case, you’ll need to repeat these steps on the affected machines.
The final recovery step is to restore your files from a backup. You can expect the number of files involved to be well into the thousands, so, in most cases, your best course of action is to simply restore the entirety of the infected network. There is no need to restore files to which the affected user had no access, because the ransomware will not have been able to access these either. Doing a mass restore such as this will likely be faster than selectively restoring files.
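The diagnosis steps above, as an added example that is not part of the original post: a read-only Python sweep of a folder tree that finds the same small file repeated across folders (the dropped note), flags files whose content looks encrypted, and groups them by owner and modification time to point at the affected account and bound the restore. The thresholds, the `triage` and `entropy` names, and reading the owner from `st_uid` (a share mounted on a POSIX host) are assumptions of this sketch.

```python
import hashlib
import math
import os
import sys
from collections import Counter, defaultdict


def entropy(data):
    """Shannon entropy in bits per byte; encrypted content sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(root, min_note_dirs=3, entropy_floor=7.5, sample=65536):
    """Read-only sweep of root: repeated notes, suspect files, restore scope."""
    note_dirs = defaultdict(set)  # content hash -> folders holding that file
    note_names = {}               # content hash -> file name
    suspects = []                 # (path, owner uid, mtime)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                with open(path, "rb") as fh:
                    head = fh.read(sample)
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
            if 0 < st.st_size <= sample:  # small file: possible ransom note
                digest = hashlib.sha256(head).hexdigest()
                note_dirs[digest].add(dirpath)
                note_names[digest] = name
            # High entropy also matches zip/jpg/docx: candidates, not proof.
            if len(head) >= 1024 and entropy(head) >= entropy_floor:
                suspects.append((path, st.st_uid, st.st_mtime))
    mtimes = [m for _p, _u, m in suspects]
    return {
        "notes": {note_names[h]: sorted(d) for h, d in note_dirs.items()
                  if len(d) >= min_note_dirs},
        "suspects": suspects,
        "owners": Counter(u for _p, u, _m in suspects),
        "window": (min(mtimes), max(mtimes)) if mtimes else None,
        "restore_dirs": sorted({os.path.dirname(p) for p, _u, _m in suspects}),
    }


if __name__ == "__main__":
    print(triage(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it against a copy or a read-only mount of the affected share; `restore_dirs` and `window` give the folders and the point in time to restore from.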
It’s no secret that ransomware and other malicious software like it are a huge inconvenience. But, as you can see, it’s not impossible to recover and resume business as usual. Proactive prevention really is the key to ensuring your computers are ready for an attack. If you think you’ve become a victim of ransomware and need some extra help, or if you simply have questions about protecting your system, you can get in touch with us by leaving a comment below. You can also reach us directly on our website.