July 9, 2021

Ransomware: Should you pay the hackers or?

Want your data back? Should you be taking to Ransom Demand? Did you know that upto 92% of people who pay ransom, do not get their data back.

Ransomware: Should you pay the hackers or?

Did you know that as per a report in Forbes Magazine, 92% of the people who pay Ransom to Ransomware do not get their data back? This is not suprirsing, so should you be talking to the person / group who has impacted your network with Ransomware? This blog post walks you through what to do, and what not to do when impacted by ransomware.

Kaspersky defines Ransomware, as a type of malware (malicious software) used by cybercriminals. If a computer or network has been infected with ransomware, the ransomware blocksaccess to the system or encrypts its data. Cybercriminals demand ransom money from their victims in exchange for releasing the data.

If your machine is impacted by Ransomware

  1. Immediately Inform your IT Security Team for Steps to Take
  2. Don't get tempted to pay the ransom, it does not help
  3. Immediately Disconnect the Machine from the Network so the Infection does not spread to other Machines
  4. Shutdown this Machine and boot into a Live CD (Such as from Linux etc) so that any background tasks that are encrypting your data do not keep running
  5. Use one of the tools below to identify the Ransomware and if a Solution is available
  6. Backup the Whole Machine and Data, in case tool is not available today - it maybe available in the future, and also these infected files can help researchers figure out decryption mechanisms
  7. Restore Data from the youngest backup that you have and go live
  8. When restoring data, make sure your operating system and other utilities are installed fresh, use new passwords and ensure all patches are installed
  9. Firewall (Even if it means software firewall) your systems, so that attackers can't get to it.
  10. Ensure you have worked with a Security Adviser to check the network for security holes, and or reasons this ransomware would have come in.
  11. Install tools, maintain backups to ensure business continuity.

Important Links and Resources

ID Ransomware: A website that lets you upload an infected file and helps identify the Ransomware, and also tells you if a tool is available to decrypt or not.

No More Ransom: A Collective effort by Antivirus Companies, and Cyber Crime Centers, to help you find free tools as well as resources when you have been impacted by Ransomware, to visit click here.

McAfee's Ransomware Recovery Tools: A Set of Free Tools for Windows Machines to try recover from a Ransomware Impacted System, click here to visit.

Kaspersky Ransomware Resources: This sites talks about various types of Ransomware, for you to understand.

💡
If you are not impacted but worried about secuirty against Ransomware and other Threats, our Security Assesment & Training service is a step forward to your business protection.