How do you remove ransomware?
16 August 2016
What do you do if you get Ransomware, and how do you prevent it from happening again?
Combating the rise of ransomware can be tough for businesses. Cybercriminals continue to refine how they deliver attacks through email, using social engineering and spear phishing tactics to deliver payloads disguised as perfectly benign, harmless messages. As these emails become more sophisticated and more cleverly disguised, the chances that they become successful attacks increase. With that in mind, what happens if your business is infected by ransomware? How do you remove ransomware, and what can you do to prevent it from happening again?
The unthinkable has happened: You’ve got Ransomware!
It’s happened – one of your employees has clicked on an attachment in an email that seemed legitimate, and has triggered a ransomware infection. You need to act fast, but what should you do?
1. Don’t pay
Although the odds may seem against you, never pay the ransom. Paying funds the attacker, rewards their actions, and gives no guarantee that you will actually get your files back. There’s no such thing as a “thieves’ code”, so at the very best it’s an expensive gamble. It’s also worth mentioning that paying the ransom could earmark you for repeat attacks – you’ve already paid out once, so in the eyes of the attacker, you’re ripe for the taking in the future.
2. Alert the police
Letting the relevant authorities know that you’ve been attacked by ransomware will assist them in future investigations that stop cybercriminals from becoming repeat offenders, and they may also be able to offer you support.
3. Isolate the infected endpoint or system
The first stage in ransomware removal is to cut off the infected endpoint from the rest of your network. This vital step prevents the ransomware from spreading, and reduces the potential for data loss. Naturally, the sooner this can be done the better, as particularly virulent strains of ransomware can spread extremely quickly.
4. Remove the ransomware
Now that you’ve isolated your infected device(s), you can get to work on removing the ransomware from your network. The most effective method of ransomware removal is to use intelligent endpoint security software that can find, identify and remove the ransomware. Be aware that this method isn’t always completely effective, or in some cases even possible. If you have no security software pre-installed, or software that isn’t up to date or equipped to identify zero-day malware, you may struggle to successfully identify and remove the ransomware. If this is the case, wipe the machine so that no trace of the ransomware remains.
5. Restore from backup
The final step in the ransomware recovery process is to restore your files and systems to a state that you know was secure. This is only possible if you back up your systems regularly. A recent backup can be a godsend if the attack is particularly nasty, and makes losing your files far less likely.
6. Learn for next time, and be prepared
Hopefully the above process is one that you never need to follow. Unfortunately, ransomware is becoming increasingly common, and as such it’s vital that businesses and organisations prepare for the seemingly inevitable in order to lower the risk that ransomware creates. Visit the Prodec Networks #CLICKCLEVER content hub to learn more.
Here are Prodec’s 3 top tips for proactively preparing for ransomware:
Employee security awareness training
Ensuring your employees know how to identify possible threats delivered through channels such as email is key. This can be achieved through employee security training and simulated phishing. One-off security training has been shown to be less effective than long-term programmes with plenty of touch points, so bear this in mind when implementing your security awareness policies.
Install Endpoint security software on all of your devices
Endpoint security programs work by predicting malicious behaviour, detecting exploits and malware, and resolving the problem by quarantining and remediating the threat quickly. There are a number of solutions available on the market, but Prodec’s preferred option is SentinelOne – the only software on the market that comes with a 100% Ransomware protection guarantee.
Back up regularly
Regular backups mitigate the threat of ransomware by reducing the amount of damage that a successful attack can do. The more frequently you can back up your database the better, but it depends on the nature of your data – more critical data may need to be backed up even more regularly.
Ultimately, the best defence against ransomware is preparation. Having a security plan in place that combines employee awareness and endpoint protection makes ransomware removal, and more importantly prevention, much less painful.