How to Contain and Eliminate Ransomware
Ransomware is a type of malware that is designed to take control of an infected computer and its files, with the attackers demanding payment for a decryption key. It works by encrypting files on the victim’s machine and any attached file shares, replacing the originals with encrypted versions, and displaying a ransom demand message. It’s not a new problem: the first ransomware was sent out on a floppy disk back in 1989.
Today’s ransomware is much more advanced and complex. It’s usually spread through phishing emails with malicious attachments or links to compromised websites, and once inside the network, it can exploit vulnerabilities and rapidly spread across devices and servers.
Once the organization is hit, the next step is to contain the infection by identifying all impacted systems. This requires disabling network access, disconnecting systems or powering them down if necessary. Ultimately, it’s about minimizing the impact on productivity and business revenue.
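An added example, not part of the original article: one way to build the list of impacted systems from file-audit events is to flag any host that renames a burst of files to the same appended suffix (originals replaced with encrypted versions) and to list the shares it touched. The event format, hostnames, suffixes, window and threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample file-audit events (not real telemetry): (time_s, host, old path, new path)
EVENTS = [
    (100, "ws-014", r"\\fs01\finance\q1.xlsx", r"\\fs01\finance\q1.xlsx.locked"),
    (104, "ws-014", r"\\fs01\finance\q2.xlsx", r"\\fs01\finance\q2.xlsx.locked"),
    (109, "ws-014", r"\\fs01\hr\staff.docx", r"\\fs01\hr\staff.docx.locked"),
    (113, "ws-014", r"C:\Users\a\notes.txt", r"C:\Users\a\notes.txt.locked"),
    (118, "ws-014", r"C:\Users\a\plan.pdf", r"C:\Users\a\plan.pdf.locked"),
    (150, "ws-020", r"C:\tmp\report.docx", r"C:\tmp\report.docx.bak"),  # one-off, benign
    (200, "ws-031", r"\\fs01\eng\a.c", r"\\fs01\eng\a.c.old"),  # slow, spread out
    (400, "ws-031", r"\\fs01\eng\b.c", r"\\fs01\eng\b.c.old"),
    (600, "ws-031", r"\\fs01\eng\c.c", r"\\fs01\eng\c.c.old"),
    (800, "ws-031", r"\\fs01\eng\d.c", r"\\fs01\eng\d.c.old"),
]
WINDOW_S = 60   # assumed burst window; tune per environment
THRESHOLD = 4   # assumed minimum same-suffix renames inside the window

def appended_suffix(old, new):
    """Return the suffix appended to the original name, or None for any other rename."""
    if new.startswith(old) and new[len(old):len(old) + 1] == ".":
        return new[len(old):]
    return None

def share_of(path):
    """Return \\\\server\\share for a UNC path, 'local' for anything else."""
    parts = path[2:].split("\\") if path.startswith("\\\\") else []
    return "\\\\" + parts[0] + "\\" + parts[1] if len(parts) >= 2 else "local"

def impacted_systems(events, window_s=WINDOW_S, threshold=THRESHOLD):
    """Map each host with a rename burst to the suffixes it used and the shares it touched."""
    bursts = defaultdict(list)
    for t, host, old, new in events:
        suffix = appended_suffix(old, new)
        if suffix:
            bursts[(host, suffix)].append((t, share_of(old)))
    report = {}
    for (host, suffix), hits in bursts.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window_s:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                entry = report.setdefault(host, {"suffixes": set(), "shares": set()})
                entry["suffixes"].add(suffix)
                entry["shares"].update(share for _, share in hits)
                break
    return report
```

Each flagged host, together with the shares listed for it, is a candidate for the network isolation described above.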
After containment, the organization can decide to restore from backups or pay the ransom. The choice depends on how important the data is and whether it can be replaced from other sources. But whichever option is taken, the final step should be to report the incident to law enforcement.
Besides exposing the organization to potential legal liability, the report may help law enforcement track down the attackers and bring them to justice. In addition, law enforcement may have tools that can help find and recover the stolen or encrypted data.