How to handle a ransomware attack?

Ransomware infects your device, locks you out and asks you to pay a ransom.

What is Ransomware?

Types of Ransomware

  • Locker ransomware — This type of malware restricts access to the infected device.
  • Crypto ransomware — Perhaps the most dangerous type of ransomware, this malware restricts access to stored data and files. It encrypts the user’s data and demands a ransom in exchange for the decryption key. However, paying the ransom does not guarantee that you will receive the key.
  • Mobile ransomware — This type of malware is spread from a mobile device to a computer and typically displays a message claiming that the device has been locked because of some type of illegal activity.
How Ransomware Works
Ransomware timeline

Detection of a ransomware attack

  • Signature-based
  • Behavior-based
  • Abnormal-traffic-based

1. Detection by Signature

Ransomware attackers can produce novel versions of their malware, with new signatures, for every attack. Signature-based detection can only identify what it already recognizes, so every new variant slips past it until its signature has been added.

2. Detection by Behavior

3. Detection by Abnormal Traffic

While ransomware can cover its tracks on the host and conceal its transfers, it still generates network traffic that can be monitored. Abnormal-traffic detection can trace that traffic back to the infected machine so that the ransomware can be removed.
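The two approaches side by side, as an added example that is not part of the original post: a signature check is a hash lookup, so a one-byte change to the sample evades it, while a behaviour rule over file-system audit events (a burst of high-entropy writes and extension-changing renames by one principal) still fires. The sample binary, the audit events and the thresholds are all constructed for the demo; the rename heuristic is deliberately simple.

```python
"""Signature-based vs behaviour-based ransomware detection (added example).
Every sample, event and threshold below is constructed for illustration."""
import hashlib
import math
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# --- Signature-based --------------------------------------------------------
KNOWN_SAMPLE = b"MZ\x90\x00demo-ransomware-payload-v1"          # constructed
SIGNATURE_DB = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}       # "known bad" hashes


def signature_match(blob: bytes) -> bool:
    """True only if the exact file hash is already in the signature database."""
    return hashlib.sha256(blob).hexdigest() in SIGNATURE_DB


# --- Behaviour-based --------------------------------------------------------
HIGH_ENTROPY = 6.0      # bits per byte; encrypted or compressed data sits near 8
WINDOW_SECONDS = 10     # how long a "burst" may span
BURST_THRESHOLD = 5     # suspicious events by one actor inside the window

# (time_seconds, actor, action, path, data-written-or-empty)
Event = Tuple[int, str, str, str, bytes]


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; plaintext documents score well below 6."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def suspicious(evt: Event) -> bool:
    """Single-event signal: a high-entropy write, or a rename that appends an
    extra extension (q1.docx -> q1.docx.locked). Toy heuristic: it would also
    flag archive.tar.gz, so a real rule would use a known-extension list."""
    _t, _actor, action, path, data = evt
    if action == "rename":
        return path.count(".") >= 2
    if action == "write":
        return shannon_entropy(data) >= HIGH_ENTROPY
    return False


def find_bursts(events: List[Event]) -> Dict[str, int]:
    """Return {actor: count} for actors with >= BURST_THRESHOLD suspicious
    events inside any WINDOW_SECONDS span: the footprint of bulk encryption."""
    by_actor: Dict[str, List[int]] = defaultdict(list)
    for evt in sorted(events, key=lambda e: e[0]):
        if suspicious(evt):
            by_actor[evt[1]].append(evt[0])
    flagged: Dict[str, int] = {}
    for actor, times in by_actor.items():
        start = 0
        for end in range(len(times)):          # sliding window over timestamps
            while times[end] - times[start] > WINDOW_SECONDS:
                start += 1
            if end - start + 1 >= BURST_THRESHOLD:
                flagged[actor] = end - start + 1
                break
    return flagged


# Constructed audit trail: a user editing documents, then a process that
# rewrites six share files with ciphertext-like bytes and renames them.
TEXT = b"Quarterly revenue summary, draft two. " * 7     # low entropy
CIPHERTEXT = bytes(range(256))                           # entropy exactly 8.0


def build_events() -> List[Event]:
    events: List[Event] = [
        (100, "alice", "write", "/home/alice/report.docx", TEXT),
        (160, "alice", "write", "/home/alice/budget.xlsx", TEXT),
        (170, "alice", "rename", "/home/alice/budget-final.xlsx", b""),
    ]
    for i in range(6):
        base = f"/srv/share/doc{i}.docx"
        events.append((200 + i, "svc-x", "write", base, CIPHERTEXT))
        events.append((200 + i, "svc-x", "rename", base + ".locked", b""))
    return events


if __name__ == "__main__":
    variant = KNOWN_SAMPLE.replace(b"v1", b"v2")   # repacked: one byte differs
    print("signature hits original:", signature_match(KNOWN_SAMPLE))   # True
    print("signature hits variant: ", signature_match(variant))        # False
    print("behaviour flags:        ", find_bursts(build_events()))     # {'svc-x': 5}
```

The behaviour rule does not care which binary did the writing, which is why it survives repacking; its cost is tuning the window and thresholds against the backup and compression jobs on your own network, which produce the same high-entropy bursts.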

Reactive Measures for the Mitigation of a Ransomware Attack

  1. Communication
  2. Backups
  3. Decryption tools
  4. Don’t pay a ransom
  5. Hire a Cybersecurity Expert

Protection against Future Ransomware Attacks

  • Keep your operating system and software up-to-date with the latest patches.
  • Maintain up-to-date anti-virus software, and scan all software downloaded from the internet prior to execution.
  • Restrict users’ ability (permissions) to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
  • Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, embedded code will execute the malware on the machine.
  • Do not follow unsolicited Web links in emails.

How to Mitigate an Active Ransomware Infection

  1. Quarantine the Machine: Some ransomware variants will try to spread to connected drives and other machines. Limit the spread of the malware by removing access to other potential targets.
  2. Leave the Computer On: Encryption of files may make a computer unstable, and powering off a computer can result in loss of volatile memory. Keep the computer on to maximize the probability of recovery.
  3. Create a Backup: Decryption of files for some ransomware variants is possible without paying the ransom. Make a copy of encrypted files on removable media in case a solution becomes available in the future or a failed decryption effort damages the files.
  4. Check for Decryptors: Check with the No More Ransom Project to see if a free decryptor is available. If so, run it on a copy of the encrypted data to see if it can restore the files.
  5. Ask For Help: Computers sometimes store backup copies of files stored on them. A digital forensics expert may be able to recover these copies if they have not been deleted by the malware.
  6. Wipe and Restore: Restore the machine from a clean backup or operating system installation. This ensures that the malware is completely removed from the device.
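Steps 3 and 4 above say to copy the encrypted files to separate media and to try any decryptor on a copy, never on the only set. An added example of that preservation step, not code from the original post: it copies a tree, records a SHA-256 manifest, and can later report which copies a failed decryption attempt altered. The directory layout and file contents are constructed in a temporary folder for the demo.

```python
"""Preserve a bit-exact copy of encrypted files with a hash manifest before
trying a decryptor (added example). All paths and data are constructed."""
import hashlib
import json
import os
import shutil
import tempfile
from typing import Dict, List, Tuple

MANIFEST_NAME = "MANIFEST.sha256.json"
CHUNK = 1 << 20


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def preserve_encrypted(src_dir: str, dest_dir: str) -> Dict[str, str]:
    """Copy every file under src_dir to dest_dir (the removable media in the
    post), verify each copy, write a manifest, and return it."""
    manifest: Dict[str, str] = {}
    for root, _dirs, files in os.walk(src_dir):
        for name in files:
            src = os.path.join(root, name)
            rel = os.path.relpath(src, src_dir)
            dst = os.path.join(dest_dir, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)             # copy2 keeps mtime for the timeline
            digest = sha256_file(src)
            if sha256_file(dst) != digest:     # media fault: do not trust the copy
                raise IOError(f"copy of {rel} does not match source")
            manifest[rel] = digest
    with open(os.path.join(dest_dir, MANIFEST_NAME), "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return manifest


def verify_copy(dest_dir: str) -> List[str]:
    """Relative paths whose current hash differs from the manifest or which
    are missing, i.e. everything a decryptor or anything else has touched."""
    with open(os.path.join(dest_dir, MANIFEST_NAME)) as f:
        manifest = json.load(f)
    bad = []
    for rel, digest in manifest.items():
        path = os.path.join(dest_dir, rel)
        if not os.path.exists(path) or sha256_file(path) != digest:
            bad.append(rel)
    return sorted(bad)


def demo() -> Tuple[int, List[str]]:
    """Build a constructed 'encrypted' tree, preserve it, then simulate a
    decryptor that rewrote one file and show verify_copy reporting it."""
    work = tempfile.mkdtemp(prefix="ransom-demo-")
    try:
        src, dst = os.path.join(work, "victim"), os.path.join(work, "usb")
        os.makedirs(os.path.join(src, "docs"))
        os.makedirs(dst)
        for rel in ("docs/q1.docx.locked", "notes.txt.locked", "README_DECRYPT.txt"):
            with open(os.path.join(src, rel), "wb") as f:
                f.write(hashlib.sha256(rel.encode()).digest() * 4)  # constructed bytes
        manifest = preserve_encrypted(src, dst)
        untouched = verify_copy(dst)            # [] right after preservation
        with open(os.path.join(dst, "notes.txt.locked"), "wb") as f:
            f.write(b"partially decrypted garbage")   # simulated failed decryptor
        changed = verify_copy(dst)
        return len(manifest) + len(untouched), changed
    finally:
        shutil.rmtree(work)


if __name__ == "__main__":
    print(demo())   # (3, ['notes.txt.locked'])
```

Keep the manifest alongside the copy and run the decryptor against a second copy, so `verify_copy` on the preserved set stays empty and the original ciphertext remains available for a better tool later.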

Cybersecurity Comprehensive Coverage