Recovering from Ransomware

By definition, ransomware is “a type of malicious software designed to block access to a computer system until a sum of money is paid”. If you get infected by ransomware, known in most cases as cryptolocker, you should be prepared with basic solutions for security and recovery, which as of today do not protect you 100%. Having protection helps and keeps you about 98% protected; however, being prepared makes all the difference in whether you let it affect you. Below are quick steps to recover from a ransomware infection, in case it happens to you or you are looking for steps to recover quickly.

Most of the time you find out about ransomware in one of two ways: users are not able to open files, which show a different format and appear corrupt on review; or it leaves a big desktop image saying that your system is compromised, with instructions to make a payment to recover your own information.

Once you know it is ransomware, follow the steps below.

Identify the computer where it started. Go to any infected folder, find the text file that ransomware seems to create in each folder, and review the owner of the file and the credentials of the user who last changed it. You can do so by right-clicking the file and going to its properties.

Details for Ransomware Discovery

File Information. Right click file > Properties, Details Tab
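
The owner check from the step above can be run across a whole share at once instead of file by file. This PowerShell script is an added example, not part of the original article; the share path and the note file name passed as -Root and -NoteFilter are assumptions you supply from your own environment.

```powershell
# Added example: summarize which accounts own the ransom-note files under a folder tree.
# -Root and -NoteFilter are placeholders; the note's file name comes from what you
# actually see in the infected folders (wildcards are allowed).
param(
    [Parameter(Mandatory)] [string] $Root,        # e.g. a share such as \\server\share (assumed)
    [Parameter(Mandatory)] [string] $NoteFilter   # e.g. the note file name or a pattern
)

# Read-only walk of the tree; folders that cannot be listed are skipped.
$notes = Get-ChildItem -LiteralPath $Root -Filter $NoteFilter -File -Recurse -ErrorAction SilentlyContinue

$rows = foreach ($f in $notes) {
    try {
        # Same value as Properties > Details > Owner in Explorer.
        $owner = (Get-Acl -LiteralPath $f.FullName -ErrorAction Stop).Owner
    } catch {
        $owner = '<unreadable>'
    }
    [pscustomobject]@{
        Owner      = $owner
        CreatedUtc = $f.CreationTimeUtc
        Path       = $f.FullName
    }
}

if (-not $rows) {
    Write-Warning "No files matching '$NoteFilter' found under $Root"
    return
}

# One line per owning account: how many notes, when the first and last appeared.
$rows | Group-Object Owner | ForEach-Object {
    $sorted = @($_.Group | Sort-Object CreatedUtc)
    [pscustomobject]@{
        Owner     = $_.Name
        Notes     = $_.Count
        FirstSeen = $sorted[0].CreatedUtc
        LastSeen  = $sorted[-1].CreatedUtc
        FirstPath = $sorted[0].Path
    }
} | Sort-Object FirstSeen | Format-Table -AutoSize
```

The account on the row with the earliest FirstSeen is the one to trace back to a workstation.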

Once you have identified the user by reviewing a few files, knowing the IT setup lets you quickly identify the computer. The first thing to do is unplug the computer you identified from the network. This will save you from further infections.

The next thing to do is run a scan on all computers. We prefer running a manual full scan to make sure everything is checked on all workstations and any infections are removed. If you do find any infection with your current antivirus product. If you don’t have a licensed antivirus, we recommend investing in one today. It does not stop ransomware outright, as infection can happen for a lot of reasons, but it can try to stop it.

If you found infections on any computer, we recommend clearing them, rebooting, and re-running the scan. Once you have made sure there are no infections, restore from your backup system. If you don’t have a backup, you might want to consider one so that your information can be back up and running quickly.

If you are prepared, this process will have been simple and effective. If not, read below to find out how it happened, or could happen, and how to protect yourself.

Most research online, and our experience resolving such issues, has led us to believe it mostly happens when a user receives an email with an infected link or downloadable file.

To be protected and able to recover from such an issue, you need to consider a few solutions. If you have an in-house server, consider getting Email Essentials, as we call it, which controls inbound/outbound spam, URL filtering, and email continuity to protect from any issues with your own server. Email continuity is not required; however, having it when you run your own server can protect you in case of any issues and helps in disaster recovery.

Once you have email protection, you will want to get a business antivirus. We call it business because it is monitored, so that if any issue occurs someone can take quick action. Make sure it is always updated and that you run regular scans on a set schedule. Next, take a look at getting web protection. It protects against infected websites, and it saves you not only from ransomware but also from phishing, infected and malware sites. Lastly, get a backup that runs at least every night. If you are attacked, you can recover by going back 24 hours. There are better solutions for backing up information, such as backing up a file every time you click save, or server systems that run a backup every 15 to 30 minutes with a recovery time of a few minutes.

Considerations for always being protected

Consider Security Essentials, covering antivirus, web, email, network and information security

Disaster recovery plan based on recovery time and retention of information

A few things you can do at no cost to be safe.

Enable VSS on all computers for file versioning

Download the free version of Microsoft Essentials, keep it updated and run it manually at least every week

We have two systems which apply here for your business protection; we call them IT Essentials and Security Essentials. If you face a similar issue and would like to be always protected, please reach out to us to discuss more. Recovering from ransomware can be much easier when backed by our incredible support for keeping you always productive.

Please leave us any comments below or additional information you may have found. Share this article for others, to be prepared or recover without any issues.

