Steps to Take if You’ve Been Hit by a Ransomware Attack

We all know hackers target millions of people and companies each year, but we often think, “It won’t happen to me.” Sadly, though, with the massive rise in ransomware attacks this year, combined with the fact that cybercriminals are increasingly going after individuals, the risk of falling victim to a hacker’s work keeps rising.

There are steps you can take to avoid being stunk by an attack, of course, but sometimes no matter how proactive you are, you may still fall foul of a hacker’s plot. If you suddenly find yourself locked out of your computer or receiving a ransom note based on another type of information theft or system crash, ransomware is at work. If this happens, you need to know what to do next.

Disconnect Your Machine

The first thing to do is immediately disconnect your machine from other devices and networks. If your computer is connected to other computers, external drives, or any other gadgets, the ransomware could spread fast via a network connection.

You also need to disconnect from file-syncing services such as Dropbox and Google Drive. The sooner you remove the infected computer from everything else it has been connected to, the better, as this means hackers have less chance to steal or delete more data or lock you out further.

Determine the Type of Ransom

The next step is to determine the type of ransomware you’ve been attacked by. There are three main types. Hopefully, you’ll be dealing with what’s known as “scareware.” This is the least worrisome because it’s fake ransomware, where hackers are just trying to scare you into paying them. Normally you’ll still be able to navigate your system and read most files, although you might have to deal with a few annoying popups.

The second type of ransomware is more of an issue. “Screen lockers” are, as the name suggests, ransomware infections that lock your screen, meaning you can’t get past a ransom note to anything else. Often you’ll see a notice on your screen claiming to be from the police, the IRS, the FBI, or some other government agency. It typically says illegal activity has been detected (such as filing false taxes) and that you must pay a fine to regain access to your computer.

The third type, encrypting ransomware, is particularly dire as it locks you out of your files, photographs, movies, emails, and the like. If you get stung by this kind of attack, it will be almost impossible to regain your files unless the cybercriminals decide to decrypt the information and return your access to you. Unfortunately, many people discover that even if they pay a ransom, this doesn’t guarantee access or the follow-through of decryption. Many hackers take the money and run, not to be heard from again.

Once you can determine which type of ransomware you’re dealing with and the likely consequences, you can better see how to proceed and whether or not it’s worth responding to or paying the ransom.

Try to Trace the Attack

It’s essential, too, to try to trace the source of the attack. Often ransomware gets onto systems via a dodgy email attachment or through clicking on a virus-laden link. Some other sources include software downloads with malware embedded surreptitiously or when a hacker gets into your system through an internet connection or learning your password. The sooner you discover the source of the ransomware, the quicker you can take measures to deal with it.

Take a Photo

Take a photo of the ransom note or other notification that pops up on your screen. Use a camera or your smartphone to capture the details or, if possible, take a screenshot. Having this file on hand is handy to provide to authorities. Submit a report to the police about the ransomware attack if you want to file an insurance claim. Doing so also assists authorities to keep track of infection rates and spreads, and to compile information on potential perpetrators.

Use Ransomware Removal Software

Next, remove the ransomware if possible. There are many effective ransomware removal tools on the market now. This kind of software cleans ransomware from machines so you can start over. It will not decrypt your files though, so if you plan to pay the ransom do so first before using a removal program, as you don’t want to hurt your chances of having files returned. The removal software will, however, ensure that no new files are locked or deleted.

Try to Recover or Restore Files

If you’ve kept backups of your data, you should be able to restore your files from this source (after first wiping the drive, so no ransomware remains). However, before you take this step, do check to make sure your backups weren’t encrypted or otherwise affected if there was a link between your computer and the external drive.

To investigate, plug a hard drive into another, non-affected machine, or log in to your backup service in the cloud to check on the status of your files.

Ransomware attacks are many and varied, but they all have negative consequences for those affected. However, by taking action ASAP, you should be able to reduce the downsides and get back up and running sooner rather than later.