Fighting a ransomware attack: a comprehensive guide
In this blog, I’ll show you how to defend against a ransomware attack and how to protect your system from ransomware attacks.
What is a Ransomware Attack?
A ransomware attack is a malware attack in which the attacker encrypts the
victim’s important data and demands a payment (ransom) to decrypt the files.
Fighting against a Ransomware Attack
I’ll give you a complete step-by-step guide and tell you everything you need to know
about what you should be doing if you are attacked by ransomware, before you resort to any kind of professional help.
Steps to be followed to fight ransomware attacks:
1️⃣ Lock-down your network
The very first thing you should do is lock down infected computers on the network,
because 90% of today’s threats will encrypt your network’s hard drive and any
other computers connected to the same network as the infected system.
So the first thing you should be doing is isolating the infected system. You can do that by blocking its network traffic
using the firewall, by disconnecting it from the network, or even by the most traditional
way of pulling the wires and disconnecting the system from the network.
Anything goes in that situation. Do whatever you have to do to
stop the ransomware from causing further damage.
2️⃣ Do not transfer any new files to the infected system
Never make the mistake of transferring new files to the infected system,
thinking they won’t get infected. A lot of ransomware encrypts in real time,
so whatever new files you transfer onto the system will be encrypted.
This is a common mistake. People think the attack is done and there are
no more threats, so they delete the infected files and restore the original files from backup.
The restored files then get encrypted too, because the ransomware is still active
and it will encrypt all files that are transferred to that system.
So stop the ransomware from running first. It’s great if you can stop
it from Task Manager, but if all you can think of is unplugging the system,
that’s fine too; just do that.
3️⃣ Disable the ransomware process
You need to get rid of the active malware in the system. You can do it with anti-malware software,
but I advise caution when you go through this step, because some scanners
are not very good at removing just the ransomware executable;
they might remove your important files or even the key file, leaving your files encrypted forever.
So be careful when you are running your scans, and don’t remove any key files, text files, or ransom notes, just remove the executable.
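One way to act on this before any scanner runs, as an added example that is not code from the original post: copy likely ransom notes and key files to an evidence folder and record their SHA-256 hashes. The note and key heuristics, the file names and the sample tree are constructed assumptions.

```python
import hashlib
import shutil
import tempfile
from collections import Counter
from pathlib import Path

# Assumed heuristics (not from the post): a ransom note is a small text/HTML
# file whose name repeats across folders; key material ends in ".key".
NOTE_SUFFIXES = {".txt", ".html", ".hta"}
KEY_SUFFIXES = {".key"}
MIN_NOTE_COPIES, MAX_NOTE_BYTES = 3, 64 * 1024

def find_artifacts(root: Path) -> list[Path]:
    """Return ransom-note and key-file candidates under root."""
    files = [p for p in root.rglob("*") if p.is_file()]
    small_text = [p for p in files if p.suffix.lower() in NOTE_SUFFIXES
                  and p.stat().st_size <= MAX_NOTE_BYTES]
    copies = Counter(p.name.lower() for p in small_text)
    notes = [p for p in small_text if copies[p.name.lower()] >= MIN_NOTE_COPIES]
    keys = [p for p in files if p.suffix.lower() in KEY_SUFFIXES]
    return sorted(set(notes + keys))

def preserve(root: Path, evidence: Path) -> dict[str, str]:
    """Copy artifacts to evidence/ and return {relative path: SHA-256}."""
    manifest = {}
    for src in find_artifacts(root):
        rel = src.relative_to(root)
        dst = evidence / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy only; the originals are left untouched
        manifest[rel.as_posix()] = hashlib.sha256(dst.read_bytes()).hexdigest()
    lines = [f"{digest}  {name}\n" for name, digest in sorted(manifest.items())]
    (evidence / "MANIFEST.sha256").write_text("".join(lines))
    return manifest

def build_sample(root: Path) -> None:
    """Constructed sample tree: one note in three folders, a key file, user data."""
    for folder in ("Desktop", "Documents", "Pictures"):
        (root / folder).mkdir(parents=True)
        (root / folder / "README_DECRYPT.txt").write_text("constructed ransom note")
    (root / "Desktop" / "session.key").write_bytes(b"\x00" * 32)
    (root / "Documents" / "notes.txt").write_text("ordinary user file")
    (root / "Documents" / "report.docx.locked").write_bytes(b"\x01" * 64)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp) / "victim")
        for name, digest in preserve(Path(tmp) / "victim", Path(tmp) / "evidence").items():
            print(digest[:16], name)
```

On a real machine the evidence folder should sit on external media, and the manifest lets you confirm after the scan that the preserved copies are intact.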
Now you might be thinking, “Hey, all this is good, but how can I decrypt my files?”
I got you, and now I’ll be telling you how you can decrypt the files.
4️⃣ Check for decryption options
So the very first thing you need to do is check if your files are decryptable.
A large amount of ransomware has been cracked by security researchers,
who have also created decryptors that are freely available to the public, so you can
decrypt the infected files without paying a ransom.
There is an amazing site that will tell you what kind of ransomware you have and
whether it can be decrypted or not, and it will even give you the download link for the decryptor.
The site is called ID Ransomware. This website was developed by Daemon Slave.
The site is really easy to use; you can check out my video where I’ve shown a live demo by infecting my files with ransomware and then decrypting them; here is the link (this video is to be added; till then, make sure to subscribe to the channel).
5️⃣ Make sure to have backups
There are several ransomware programs that are still unbreakable, and security researchers are still working on some ransomware to find its decryptor. So if you are attacked by such ransomware, it’s better to delete your files and reset your system, making sure you have a proper backup of the files.
If you don’t have proper backups, then make sure to visit this page, fill out the details, and submit. They will mail you after they have created a decryptor that will get your files back. It is a time-consuming process, so make sure you have patience.
6️⃣ Negotiating with the attacker
If you don’t have patience and you are ready to pay the ransom, you can follow this step, but I would not recommend that anyone follow it. However, if you believe you require your files immediately, you can negotiate with the ransomware attackers, as it has been observed that they often come down from the initial price they requested.
You can do one more thing: you can ask them for a demo and pay them a small amount of money, and after they send you the decryptor, you can ask for help from a security researcher to save your time and money. But I’ll repeat: do not follow this step; don’t pay them ransom, because that is what they really did this for.
But, yes, I understand that there are some situations where you must pay them to get the files back, but before you do so, consult with security researchers and do not conceal the fact that you have been attacked. Because maybe after you pay the whole ransom, the attacker might give you some decryptor that does not even run on your machine, and if this happens, you are done! You have wasted your money and been fooled. I repeat, “Do not pay ransom,” and make sure to consult with security researchers.
This brings us to the end of today’s blog; I hope it helped you fight a ransomware attack and that you learned what to do and follow if you were attacked by ransomware.
If you have any problems understanding today’s blog, make sure to comment below, I’ll surely get back to you. Keep supporting and stay safe. I will be back with another interesting blog, but till then, it’s “VirusZzWaring” signing off.