Ransomware – How to Stop It and What to Do If You Have Been Hit With Ransomware
Ransomware is a type of malicious software that can encrypt data and threaten to release it unless the victim pays a ransom. It’s a common threat to businesses of all sizes, and has become a lucrative business for cybercriminals.
How to Stop Ransomware
A multilayered approach that prevents ransomware from reaching networks and systems is the best way to mitigate the risk of these attacks. This includes minimizing the number of vulnerabilities, keeping an operating system patched and updated, using antivirus software and whitelisting software to avoid malware, and backing up data frequently and automatically.
Targeted Attacks
Typically, attackers target specific organizations that are vulnerable to ransomware. These include small, insecure organizations that have a smaller security team, a large user base that does a lot of file sharing, or law firms that may be more sensitive to leakware attacks.
Extortionists can also target companies that have a history of paying ransoms. These criminals can then use that information to make repeated attacks or extort more money in the future.
What to Do if You Have Been Hit with Ransomware
After a ransomware attack, the first thing you should do is isolate the infected machines, disconnect from networks and lock shared drives to prevent encryption. Next, you should try to recover as much data as possible from backups.
For certain crypto-ransomware families, security researchers have created tools that can retrieve the decryption keys that were used to encrypt files. However, these tools are limited and require a significant amount of technical expertise.