How To Recover From A Ransomware Attack

For a short time, the world returned home. Work, school, personal time - everything we did was inside the walls we call home.

No matter how careful we were with data while we were in a secure work environment, the lines became fuzzier as we co-existed with partners and kids.

Then we went back to work and school, and brought all of those devices and bad habits with us. That opened the door to increased criminal behavior.

One study in 2021 revealed that ransomware and other malicious behavior increased at an alarming rate. By the third quarter, ransomware attacks were up 148 percent over 2020 figures, with no end in sight.

A Forbes article showed that cybercriminals could penetrate 93 percent of company networks they attempt to hack into, and overall, businesses suffered 50 percent more cyber attacks per week during all of 2021.

Understanding ransomware

Ransomware falls into two general categories: crypto and locker.

Crypto ransomware encrypts files on a computer, making them unusable without the proper key. Locker ransomware takes an extra step and locks the victim out of their device. They can’t access anything on the device.

In both attacks, the user is left with no option for recovery short of giving in to the demands. Protection doesn’t start after the attack; it begins with developing a plan before you wind up a statistic.

How does it get there?

Ransomware often starts with what IT calls a trojan: a type of malware designed to trick you into clicking and running it as if it were legitimate software. Trojans can arrive in an email asking you to click on a link. Some are attached to specific URLs, moving around as people share and connect.

Ransomware attacks are so powerful because they rely on people as triggers. They feed on emotion and bypass logical thinking. If they look “real,” there’s a good chance of gaining traction. That’s why today’s ransom attacks are so powerful - criminals have gotten good at mimicking actual data.

How to recover

The first thing to do is NOT pay the ransom. You’re dealing with a criminal, which means the chances of you recovering your data are limited at best. If you give in to demands, you’re telling them that they have power. You’ll be heavily targeted in the future because you bought into their demands.

With this in mind, your next step is to take a deep breath and start following a plan. Report the attack. Your first instinct may be to try to hide it, but that will exacerbate the situation. Reporting it will help authorities identify the attacker and learn more about the process. You can start by notifying the police, who will then get cybercrime investigators involved.

It’s not enough just to reload old data files back onto your devices. It’s important to thoroughly cleanse your system to eradicate the problem. The goal is to ensure the ransomware is completely stripped from your system and won’t cause a future problem. Unfortunately, there isn’t a tool that will remove everything. New criminal behavior is detected all the time; it’s a constant game of cat and mouse, as attackers attempt to bypass any cleanup software that may thwart their activity. The best plan is to completely wipe all of the storage and reinstall everything for a fresh start.

Only then should you restore your data with an uncompromised backup. A strong backup strategy should include continuous data protection, ensuring your data is always available and secure.
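One way to check that a backup is uncompromised before restoring it, shown as an added example that is not part of the original article: it compares each file with SHA-256 hashes recorded when the backup was taken and flags changed files that now look encrypted. The manifest (assumed to be stored separately from the backup), the function names, the 7.5 bits-per-byte threshold, and the sample files are all assumptions made for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5  # bits per byte; assumed cut-off, ciphertext sits near 8.0

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def entropy(data):  # Shannon entropy of a byte string, in bits per byte
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def audit_backup(root, manifest):
    """Compare a backup tree with hashes recorded at backup time; return {path: status}."""
    report = {}
    for rel, expected in manifest.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            report[rel] = "missing"
        elif sha256_file(path) == expected:
            report[rel] = "ok"
        else:  # changed since the backup was taken; does it now look encrypted?
            with open(path, "rb") as f:
                high = entropy(f.read(65536)) > ENTROPY_LIMIT
            report[rel] = "modified-high-entropy" if high else "modified"
    for dirpath, _, names in os.walk(root):  # files the manifest never listed
        for name in names:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            report.setdefault(rel, "unexpected")
    return report

def demo():  # constructed backup: one intact file, one overwritten, one never backed up
    with tempfile.TemporaryDirectory() as root:
        originals = {"ledger.csv": b"date,amount\n" * 50, "notes.txt": b"review notes\n" * 50}
        manifest = {}
        for name, data in originals.items():
            Path(root, name).write_bytes(data)
            manifest[name] = hashlib.sha256(data).hexdigest()
        Path(root, "notes.txt").write_bytes(os.urandom(8192))  # stand-in for ciphertext
        Path(root, "READ_ME.txt").write_bytes(b"constructed placeholder")
        return audit_backup(root, manifest)

if __name__ == "__main__":
    print(demo())
```

Any status other than "ok" is a reason to fall back to an older backup set rather than restore from this one.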

Once you're hacked, prevention should move up in importance. If they gained access once, chances are there are weaknesses in your security that can be further exploited. This is the time to ensure your data is as secure as it can be, and that you have a complete security plan in place to offer protection no matter where your employees work from.

Do you have a security plan in place to protect you from a ransomware attack?

For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.