This article provides information on what to do when attacked by ransomware, depending on how important the files are and your skills when using computers. Everyone should have the important files backed up on a regular basis. This ensures that you do not lose it all in case your computer is compromised or if ransomware protection fails.
In this case, it is not worth risking further, hence just re-image the machine or reinstall the OS.
To follow the steps below, you need to have some computer skill: install applications, track processes, kill processes from the command line, search online and follow instructions. If you think you do not have these skills, better turn off the computer and ask for help. Otherwise, follow the steps below:
At this point you realize your files are being encrypted and you cannot access them. Containment should be the first concern. This prevents the ransomware from attacking other machines or other files it can access. At the same time, it may save the files on the infected machine, if performed soon after the encryption process had started. To do this, follow the below steps:
At this point you managed to stop the ransomware from encrypting more files, but the infection itself still exists. You need to make sure you clean up the machine to avoid the ransomware executing again. Easiest is to install a malware removal tool and run it. However, note that such tools may not identify the specific variant that attacked you, so they may not be able to clean it up. To further reduce the risk of the ransomware executing again, you can perform the following steps:
Once the ransomware is stopped and the PC is cleaned up, you need to find a way to recover the encrypted files. There is no guarantee the files can be recovered, but there are decryption tools for many ransomware variants, so it is worth trying.
Note: there may be ransomware variants which cannot be cleaned up using the methods above, and, in that case, it is best to shutdown the computer and ask for help. Such ransomware may include the Petya family which modifies the MBR and forces a reboot in order to boot up its own code (instead of the Windows OS), etc.
To prevent further incidents, use anti-ransomware technology able to protect files and stop ransomware automatically. Go through our advice on how to protect against ransomware.
We can help users from losing their files in the event of a ransomware attack. Our dedicated solution TEMASOFT Ranstop, is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.
For more information, follow us on social media and subscribe to our newsletter.
This post was last modified on August 21, 2023 7:27 am
In the digital world, information is often stored and transferred through files. From the most…
Introduction Data security is more important than ever in today's fast-paced digital world. One critical…
Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…
Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…
File tracking is an important aspect of server administration, and it can help administrators detect…
File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…