What to Do If You’re a Victim of Ransomeware

The minute that anyone sees the signs of a ransomware attack, it is understandably a worrisome experience. Time may also be of the essence as most ransom amounts increase if not paid immediately. So if you suspect that you are a ransomware victim, here are the steps you can take.

Let’s begin!

1. Recognize or Check That It’s Indeed a Ransomware Attack

If you’re entirely sure that you have ransomware on your device or network, you can skip to the next step. But if you are still not 100% sure, here are some signs to look out for:

• Files are encrypted and cannot be opened
• Files are encrypted and the content is scrambled
• You are locked out of your computer
• You are locked out of web browsers
• You can see a ransom note on your screen or as a new .TXT or .HTML file on your computer

If you want a more detailed explanation of what each of these signs looks like, please refer to our article about the 5 Signs You’re a Victim of a Ransomware Attack.

2. Consider The Option of NOT Paying The Ransomware Demand

What happens if I don’t pay the ransom for ransomware?

Not paying the ransom is definitely encouraged by many experts because it discourages the hackers and also protects you, as a business or as an individual, from the risks involved with paying the ransom. However, if you choose this route, there are two things that you need to factor in. First, time is valuable. Some ransoms go higher when not paid immediately so if you change your mind and choose to pay it later on, you need to mind the time.

And second, another risk is that you may not be able to recover lost files again. Granted, there are tools that claim to be able to decrypt files but this depends on the kind of ransomware that you have. Advanced ransomware can be especially tricky.

Mostly, the success of speedy recovery after a ransomware attack relies a lot on backups. So it’s advisable for both establishments and individuals to always have their files backed up.

As an individual, what can I do if I choose not to pay the ransom for ransomware?

Here are the steps you can take if you are an individual who has been attacked by ransomware:

1. Determine the type of malware based on what you see on your device (whether it’s encrypting or locking.)
2. Take a photo of the ransom note for filing a police report later on.
3. Make sure that you have an antivirus or antimalware software on your computer.
4. Immediately disconnect your device from other devices and go offline to prevent the spread of the ransomware.
5. Run the antivirus or anti-malware software to clean up the virus but only do so if you are decided not to pay the ransom – which means there’s a risk of not getting the encrypted files decrypted. If you are faced with a screen-locking virus instead, you’d need to reboot your computer in safe mode first by pressing the power button and the S key on the keyboard at the same time – and then run the antivirus or anti-malware software.
6. If you do not have a backup for important files, you can try using decryption tools.
7. Lastly, file a police report and improve your personal cybersecurity.

As a business or establishment, what can I do if I choose not to pay the ransomware demand?

Typically, attacks on businesses and establishments are more sophisticated than those done on individuals. Furthermore, there is a lot at stake with the files of a business or establishment and downtime needs to be kept low. So here are the steps you can take:

1. With the team, assess the criticality of affected systems – because, for businesses or establishments, the attacks are typically spanning the network and not just one device.
2. Check if you have the ability to recover from existing backups
3. Begin recovery from backups.
4. Explore options for decryption tools if needed.
5. Upgrade the cybersecurity of your business

3. Consider The Option of Paying the Ransomware Demand

Does anyone ever choose to pay the ransom for ransomware?

Through the years, paying ransom for ransomware has risen significantly, exposing the reality that we rely on our digital files and devices more than ever before. Back in 2018, around 39% of ransomware victims chose to pay the ransom. In 2019, this number rose to 45%; and in 2020, the rate rose up again to 58%.

Is it safe and legal to pay the ransom to cybercriminals?

First, let’s discuss the matter of safety. At best, paying the ransom is a shot in the dark. The cybercriminals or hackers are not morally or ethically bound to honour their word. So even if the ransom is paid, they may not meet their end of the bargain. In some cases, the encryption key was released as promised but due to bad coding, it still didn’t work. Another danger to this is that it tells the hacker that their tactics have worked and are lucrative.

As for the legal aspect, ransomware attacks are considered a crime punishable by law and paying these criminals does encourage them to launch more attacks. However, it isn’t illegal to pay a ransomware demand if this is your personal or business decision.

As a business or establishments, what are the advisable steps to take if I choose to pay for the ransomware demand?

There might not be much that private individuals can do to lessen the risks associated with paying for the ransomware demand. However, for businesses, establishments, and cities that have the resources, there are some advisable steps to take. Furthermore, these types of entities are also often given a much higher ransom fee – hence the need to be extra careful. So here are the steps:

1. Hire a ransomware specialist.
2. Begin respectful communications with the hacker and negotiate for a discount or deal.
3. Ask the hacker to validate their decryption key by asking them to send a decrypted file.
4. Consult with law enforcement, legal counsel, and/or cyber insurer about your final decision.
5. Secure Bitcoin (or whatever currency) that the hacker is asking for.
6. Begin the recovery process using the decryption key.

4. Find Ways to Protect Your Business From Future Ransomware Attacks

When it comes to ransomware attacks, there really is no substitute for prevention and preparedness. For many businesses, the ransomware demand is only a part of the total loss since the downtime can be very costly. Investing in business interruption insurance, cyber insurance, and cybersecurity is a must.

When it comes to cybersecurity, there are a number of ways to go about it. Check out managed print services for increased document protection when printing, or digital document management for securely storing important files.

Furthermore, having managed IT services will help your business have a comprehensive readiness towards cyberattacks which involves the installation of effective antivirus software, ensuring backups, enhancing email security, early detection and mitigation of threats and more. If you’d like to learn more about the above solutions and what we at Integr8 can do for you, contact us today!